
Multiple dllhost.exe *32 processes consuming CPU


  • This topic is locked
33 replies to this topic

#1 quentin109


Posted 11 August 2014 - 05:52 PM

Hello guys, as the title says, my Toshiba laptop has a problem where multiple processes of dllhost.exe COM surrogate, which I think is a virus but I am not 100% sure, are appearing in my task manager and slowing down my laptop. There will be one normal file: dllhost.exe and then 30+ dllhost.exe*32 processes that slow down my computer to a point where it's not even usable. Please, I need your guys' help.


Edited by quentin109, 11 August 2014 - 06:16 PM.




#2 aharonov

  • Malware Response Team

Posted 12 August 2014 - 01:22 PM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 quentin109

  • Topic Starter

Posted 12 August 2014 - 05:05 PM

Thanks for helping me out. I ran the scans and I will post the two logs as requested, but a quick question: will this process remove the virus from my whole system or just the current user account I am on? When the problem first occurred I made multiple accounts hoping that would be a solution to my problem, but as you can see it's not. I'm currently doing this on a guest account, as this is the most stable account in which I can scan and reply to you guys, but it still has the problem. If you can answer this it would be great.
Now here are the logs:

1. FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-08-2014
Ran by TeeSupport (administrator) on OWNER-PC on 12-08-2014 17:15:13
Running from C:\Users\TeeSupport\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vysa.exe (Virtual Group)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wooxmi.exe (Virtual Group)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\woycla.exe (Virtual Group)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ynuwfa.exe (Virtual Group)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ytycmi.exe (Global Trade)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\faedeq.exe (Global Trade)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fauwro.exe (Global Trade)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fiovci.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keuwla.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\opib.exe ( )
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\poewox.exe (Global Trade)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qoirad.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\riac.exe ( )
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ufoss.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vysa.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wooxmi.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\woycla.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ynuwfa.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ytycmi.exe (Global Trade)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TeeSupport\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKLM-x32 - (No Name) - {62cad681-699f-4f83-b87f-95584003592f} - No File
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {57CAD22C-98EE-46DE-B454-842736B89EA8} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {D7F9E78C-14C8-4C3E-98EE-7E587FEF79CC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5A564BB0-8275-4127-ABF4-146A0BD6716C}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{B072F86D-6726-4000-8BCB-5076366DB30D}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DC6FF366-1F55-4627-A031-877E8F9F557D}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\TeeSupport\AppData\Roaming\Mozilla\Firefox\Profiles\puhag60t.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\eoppnrqmocgit@fmwplidnapyokntwh.net [2014-02-23]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com [2014-02-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-23]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [extension@FastFreeConverter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@FastFreeConverter.com
FF HKLM-x32\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF HKLM-x32\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha993.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha993\ff

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: Google
CHR DefaultSearchURL: http://www.google.com/search?q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (fcreward.100884.rs) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambalpkabmdjkiegmapflldonihghglk [2013-08-28]
CHR Extension: (Google Drive) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-11]
CHR Extension: (WhiteSmoke New 1.1) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf [2014-05-30]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-08-11]
CHR Extension: (iVIDI.org plugin) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\giacfgjdclhnmkacnfbaljbmpnelflol [2013-09-16]
CHR Extension: (RemoveThEAdApp) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\knjjpgcapcjffnfoappibijoccmjpoll [2014-05-30]
CHR Extension: (Google Wallet) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-30]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2014-05-30]
CHR HKLM-x32\...\Chrome\Extension: [abfmigjiaapipflmopkaaooigcjjdojh] - C:\Program Files (x86)\LyricsContainer\120.crx [2014-05-30]
CHR HKLM-x32\...\Chrome\Extension: [ambalpkabmdjkiegmapflldonihghglk] - C:\Users\Owner\AppData\Roaming\BucksBee Loyalty Plugin - 100884.rs for Chrome\Toolbar_production_100884_5.crx [2012-05-21]
CHR HKLM-x32\...\Chrome\Extension: [bpghhlfbjmmjohhnonhjgpbjdlbnmapf] - C:\Users\Owner\AppData\Local\CRE\bpghhlfbjmmjohhnonhjgpbjdlbnmapf.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [dijnnljbpplhmeegmajinimgaejbfhbn] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha993\ch\WebexpEnhancedV1alpha993.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [ebcplfjkimahcicablidnpnghomiggpi] - C:\Program Files (x86)\OApps\chrome-sl.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [giacfgjdclhnmkacnfbaljbmpnelflol] - C:\Program Files (x86)\iVIDI.org plugin\ividiplg.crx [2012-11-05]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-11-05]
CHR HKLM-x32\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files (x86)\OApps\chromeaddon.crx [2012-11-05]
CHR HKLM-x32\...\Chrome\Extension: [kpdhgpkkloealnjnmepfhanpcleldbef] - C:\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\ividi.crx [2012-11-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mpfapcdfbbledbojijcbcclmlieaoogk] - C:\Users\Owner\AppData\Local\I Want This\Chrome\I Want This.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom16.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Owner\AppData\Local\Temp\YontooLayers.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [pgmfkblbflahhponhjmkcnpjinenhlnc] - C:\Users\Owner\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-05-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DcomLaunch; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118056 2014-06-09] (Elex do Brasil Participações Ltda)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2012-12-11] ()
R2 RpcSs; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
S2 SecurityCenterServer1065396736; C:\Users\Quentin 2\AppData\Roaming\Cufuseda\siynh.exe [280064 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer1096596917; C:\Users\Owner\AppData\Roaming\Hurupei\amnor.exe [321024 2014-01-19] (Global Trade) [File not signed]
R2 SecurityCenterServer1111580089; C:\Users\Owner\AppData\Roaming\Xoehto\mihegaf.exe [317952 2012-02-11] (Global Trade) [File not signed]
R2 SecurityCenterServer1116726850; C:\Users\Owner\AppData\Roaming\Ymhaca\woovepu.exe [284160 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer1363418141; C:\Users\Quentin 2\AppData\Roaming\Toxyca\usdia.exe [321024 2014-05-31] (Global Trade) [File not signed]
R2 SecurityCenterServer1371265576; C:\Users\TeeSupport\AppData\Roaming\Ottyuhr\odxiigt.exe [280064 2014-05-29] (Virtual Group) [File not signed]
R2 SecurityCenterServer1408155373; C:\Users\TeeSupport\AppData\Roaming\Izduaniv\yzcoca.exe [284160 2013-09-30] (Virtual Group) [File not signed]
R2 SecurityCenterServer1431051120; C:\Users\Owner\AppData\Roaming\Myuzza\worah.exe [321024 2013-03-19] (Global Trade) [File not signed]
R2 SecurityCenterServer1435531148; C:\Users\TeeSupport\AppData\Roaming\Erofwyoc\akqupec.exe [321024 2013-11-21] (Global Trade) [File not signed]
R2 SecurityCenterServer1978031584; C:\Users\TeeSupport\AppData\Roaming\Foleaxop\fyylr.exe [283136 2014-04-14] (Virtual Group) [File not signed]
R2 SecurityCenterServer2003871214; C:\Users\Owner\AppData\Roaming\Viogbe\urubaxd.exe [317952 2011-10-27] (Global Trade) [File not signed]
R2 SecurityCenterServer2092415349; C:\Users\Quentin 2\AppData\Roaming\Ovorsow\cibead.exe [280064 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer2173672188; C:\Users\Quentin 2\AppData\Roaming\Inkonaxy\ywtyer.exe [317952 2014-05-30] (Global Trade) [File not signed]
R2 SecurityCenterServer2192498991; C:\Users\Quentin 2\AppData\Roaming\Espaku\arubwi.exe [283136 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer22934426; C:\Users\Quentin 2\AppData\Roaming\Kuoqdueb\yhcub.exe [284160 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer2379301644; C:\Users\Quentin 2\AppData\Roaming\Amatim\qysyc.exe [280064 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer242100489; C:\Users\TeeSupport\AppData\Roaming\Ifzaaq\ufcao.exe [321024 2014-05-09] (Global Trade) [File not signed]
R2 SecurityCenterServer2538863618; C:\Users\Owner\AppData\Roaming\Dosaxuuq\caevo.exe [280064 2013-07-14] (Virtual Group) [File not signed]
R2 SecurityCenterServer2702152337; C:\Users\Owner\AppData\Roaming\Ilohyh\gyqafiu.exe [280064 2012-10-30] (Virtual Group) [File not signed]
R2 SecurityCenterServer2760858941; C:\Users\Owner\AppData\Roaming\Abepfom\elymat.exe [321024 2014-03-15] (Global Trade) [File not signed]
R2 SecurityCenterServer2793877117; C:\Users\Quentin 2\AppData\Roaming\Ladyqi\weequwt.exe [321024 2014-06-01] (Global Trade) [File not signed]
R2 SecurityCenterServer301616179; C:\Users\Owner\AppData\Roaming\Obnodofu\byatala.exe [283136 2014-03-03] (Virtual Group) [File not signed]
R2 SecurityCenterServer3077791864; C:\Users\Quentin 2\AppData\Roaming\Geguupqe\ywpode.exe [317952 2014-05-29] (Global Trade) [File not signed]
R2 SecurityCenterServer3180805863; C:\Users\Quentin 2\AppData\Roaming\Buohdoe\yxudp.exe [280064 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer3252293967; C:\Users\Owner\AppData\Roaming\Elmiurov\ihuttul.exe [284160 2013-11-27] (Virtual Group) [File not signed]
R2 SecurityCenterServer3462081622; C:\Users\TeeSupport\AppData\Roaming\Owsype\uperyde.exe [280064 2013-10-04] (Virtual Group) [File not signed]
R2 SecurityCenterServer3528719669; C:\Users\TeeSupport\AppData\Roaming\Iwrura\zoilhu.exe [280064 2013-12-13] (Virtual Group) [File not signed]
R2 SecurityCenterServer3543847863; C:\Users\Owner\AppData\Roaming\Gelyer\elaxpa.exe [317952 2013-09-12] (Global Trade) [File not signed]
R2 SecurityCenterServer3544098129; C:\Users\Owner\AppData\Roaming\Nyvielyn\zewoo.exe [283136 2013-04-18] (Virtual Group) [File not signed]
R2 SecurityCenterServer3734159299; C:\Users\TeeSupport\AppData\Roaming\Soypeku\uksyuz.exe [280064 2014-02-14] (Virtual Group) [File not signed]
R2 SecurityCenterServer3757644616; C:\Users\Owner\AppData\Roaming\Ufufqula\tauge.exe [321024 2013-12-29] (Global Trade) [File not signed]
R2 SecurityCenterServer3796625987; C:\Users\Owner\AppData\Roaming\Efkuylri\okwaec.exe [280064 2012-11-20] (Virtual Group) [File not signed]
R2 SecurityCenterServer4003898796; C:\Users\Quentin 2\AppData\Roaming\Loxumoas\eqhyen.exe [283136 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer404366012; C:\Users\Owner\AppData\Roaming\Wixowilu\amteug.exe [280064 2013-09-13] (Virtual Group) [File not signed]
R2 SecurityCenterServer4131731185; C:\Users\TeeSupport\AppData\Roaming\Icteuly\xeizr.exe [284160 2014-04-25] (Virtual Group) [File not signed]
R2 SecurityCenterServer4154267427; C:\Users\Quentin 2\AppData\Roaming\Ihvutyid\ygygi.exe [284160 2014-06-02] (Virtual Group) [File not signed]
S2 SecurityCenterServer551776949; C:\Users\TeeSupport\AppData\Roaming\Akitevti\ryaqo.exe [283136 2013-11-19] (Virtual Group) [File not signed]
R2 SecurityCenterServer708602951; C:\Users\TeeSupport\AppData\Roaming\Umizpo\qyage.exe [317952 2014-03-21] (Global Trade) [File not signed]
R2 SecurityCenterServer709194078; C:\Users\TeeSupport\AppData\Roaming\Ipehyg\ermafyy.exe [317952 2013-09-14] (Global Trade) [File not signed]
S3 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
R2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe [3997912 2011-10-19] (Webroot Software, Inc. (www.webroot.com))
R3 WRConsumerService; C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [3386840 2011-12-10] (Webroot Software, Inc. )
S2 8ffb8f2d; "C:\windows\system32\rundll32.exe" "c:\progra~3\winsys~1\WinsysfilterSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2013-08-28] ()
R3 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [232960 2014-06-09] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [66048 2014-06-09] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48640 2014-06-09] (Elex do Brasil Participações Ltda)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 ssfmonm; C:\Windows\System32\DRIVERS\ssfmonm.sys [56408 2011-05-18] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [136224 2011-05-18] (Webroot Software, Inc. (www.webroot.com))
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 iSafeKrnlBoot; \??\system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 X6va005; \??\C:\Users\Owner\AppData\Local\Temp\0056C0C.tmp [X]
S3 X6va006; \??\C:\Users\Owner\AppData\Local\Temp\006363C.tmp [X]
S3 X6va008; \??\C:\windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\windows\SysWOW64\Drivers\X6va015 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 17:25 - 2014-08-12 17:25 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\G001
2014-08-12 17:15 - 2014-08-12 17:29 - 00057841 _____ () C:\Users\TeeSupport\Downloads\FRST.txt
2014-08-12 17:09 - 2014-08-12 17:09 - 02099712 _____ (Farbar) C:\Users\TeeSupport\Desktop\FRST64.exe
2014-08-12 17:09 - 2014-08-12 17:09 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\Macromedia
2014-08-12 17:09 - 2014-08-12 17:09 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\Macromedia
2014-08-12 17:07 - 2014-08-12 17:07 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\Mozilla
2014-08-11 19:07 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\G001
2014-08-11 17:55 - 2014-08-11 17:55 - 00632201 _____ () C:\Users\TeeSupport\Downloads\install.exe
2014-08-11 16:01 - 2014-08-12 17:07 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\Mozilla
2014-08-11 16:01 - 2014-08-11 16:01 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\G001
2014-08-11 15:48 - 2014-08-12 17:31 - 00054272 _____ () C:\windows\system32\mkmqft.tcg
2014-07-28 12:51 - 2014-07-28 12:51 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\eCyber

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 17:31 - 2014-08-11 15:48 - 00054272 _____ () C:\windows\system32\mkmqft.tcg
2014-08-12 17:31 - 2014-05-23 20:03 - 00000065 _____ () C:\windows\system32\rtvq.tfw
2014-08-12 17:29 - 2014-08-12 17:15 - 00057841 _____ () C:\Users\TeeSupport\Downloads\FRST.txt
2014-08-12 17:25 - 2014-08-12 17:25 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\G001
2014-08-12 17:17 - 2014-06-06 10:35 - 00000000 ____D () C:\FRST
2014-08-12 17:11 - 2013-12-24 11:12 - 00000444 ____H () C:\windows\Tasks\SK.Enabler-S-1495795506.job
2014-08-12 17:11 - 2011-07-05 22:47 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 17:09 - 2014-08-12 17:09 - 02099712 _____ (Farbar) C:\Users\TeeSupport\Desktop\FRST64.exe
2014-08-12 17:09 - 2014-08-12 17:09 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\Macromedia
2014-08-12 17:09 - 2014-08-12 17:09 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\Macromedia
2014-08-12 17:09 - 2014-05-27 20:03 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 17:07 - 2014-08-12 17:07 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\Mozilla
2014-08-12 17:07 - 2014-08-11 16:01 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\Mozilla
2014-08-12 17:03 - 2009-07-14 01:13 - 00005210 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-12 17:03 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 17:03 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 17:02 - 2014-06-25 08:21 - 00000826 _____ () C:\windows\Tasks\Security Center Update - 708602951.job
2014-08-12 17:02 - 2014-06-25 08:16 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 709194078.job
2014-08-12 17:02 - 2014-06-08 20:38 - 00000800 _____ () C:\windows\Tasks\Security Center Update - 2003871214.job
2014-08-12 17:02 - 2014-06-08 20:38 - 00000796 _____ () C:\windows\Tasks\Security Center Update - 1431051120.job
2014-08-12 17:02 - 2014-06-08 20:34 - 00000802 _____ () C:\windows\Tasks\Security Center Update - 2760858941.job
2014-08-12 17:02 - 2014-06-08 20:34 - 00000800 _____ () C:\windows\Tasks\Security Center Update - 1111580089.job
2014-08-12 17:02 - 2014-06-05 20:02 - 00000800 _____ () C:\windows\Tasks\Security Center Update - 1096596917.job
2014-08-12 17:02 - 2014-06-04 20:54 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 3077791864.job
2014-08-12 17:02 - 2014-06-04 20:53 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 2173672188.job
2014-08-12 17:02 - 2014-06-04 19:27 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 317955923.job
2014-08-12 17:02 - 2014-06-04 19:27 - 00000824 _____ () C:\windows\Tasks\Security Center Update - 2401480587.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 62774847.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 1551334121.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000828 _____ () C:\windows\Tasks\Security Center Update - 3997903547.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000828 _____ () C:\windows\Tasks\Security Center Update - 1392327789.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000824 _____ () C:\windows\Tasks\Security Center Update - 4072912339.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000824 _____ () C:\windows\Tasks\Security Center Update - 3272480754.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000820 _____ () C:\windows\Tasks\Security Center Update - 1823406108.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000820 _____ () C:\windows\Tasks\Security Center Update - 1276178792.job
2014-08-12 17:02 - 2014-06-04 19:21 - 00000832 _____ () C:\windows\Tasks\Security Center Update - 273463002.job
2014-08-12 17:02 - 2014-06-04 19:21 - 00000824 _____ () C:\windows\Tasks\Security Center Update - 446078145.job
2014-08-12 17:02 - 2014-06-04 18:32 - 00000838 _____ () C:\windows\Tasks\Security Center Update - 1435531148.job
2014-08-12 17:02 - 2014-06-04 18:32 - 00000834 _____ () C:\windows\Tasks\Security Center Update - 1978031584.job
2014-08-12 17:02 - 2014-06-04 18:32 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 4131731185.job
2014-08-12 17:02 - 2014-06-04 18:27 - 00000836 _____ () C:\windows\Tasks\Security Center Update - 1408155373.job
2014-08-12 17:02 - 2014-06-04 18:27 - 00000834 _____ () C:\windows\Tasks\Security Center Update - 551776949.job
2014-08-12 17:02 - 2014-06-04 18:27 - 00000826 _____ () C:\windows\Tasks\Security Center Update - 242100489.job
2014-08-12 17:02 - 2014-06-03 20:38 - 00000820 _____ () C:\windows\Tasks\Security Center Update - 1363418141.job
2014-08-12 17:02 - 2014-06-03 20:37 - 00000824 _____ () C:\windows\Tasks\Security Center Update - 2793877117.job
2014-08-12 17:02 - 2014-06-02 19:06 - 00000822 _____ () C:\windows\Tasks\Security Center Update - 2192498991.job
2014-08-12 17:02 - 2014-06-02 19:03 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 4003898796.job
2014-08-12 17:02 - 2014-06-01 20:22 - 00000808 _____ () C:\windows\Tasks\Security Center Update - 301616179.job
2014-08-12 17:02 - 2014-06-01 20:20 - 00000804 _____ () C:\windows\Tasks\Security Center Update - 3544098129.job
2014-08-12 17:02 - 2014-05-31 21:48 - 00000828 _____ () C:\windows\Tasks\Security Center Update - 4154267427.job
2014-08-12 17:02 - 2014-05-31 21:45 - 00000828 _____ () C:\windows\Tasks\Security Center Update - 22934426.job
2014-08-12 17:02 - 2014-05-31 19:56 - 00000808 _____ () C:\windows\Tasks\Security Center Update - 3252293967.job
2014-08-12 17:02 - 2014-05-31 19:09 - 00000800 _____ () C:\windows\Tasks\Security Center Update - 1116726850.job
2014-08-12 17:02 - 2014-05-30 23:09 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 3462081622.job
2014-08-12 17:02 - 2014-05-30 23:08 - 00000834 _____ () C:\windows\Tasks\Security Center Update - 1371265576.job
2014-08-12 17:02 - 2014-05-30 23:08 - 00000828 _____ () C:\windows\Tasks\Security Center Update - 3528719669.job
2014-08-12 17:02 - 2014-05-30 23:07 - 00000832 _____ () C:\windows\Tasks\Security Center Update - 3734159299.job
2014-08-12 17:02 - 2014-05-28 20:38 - 00006608 _____ () C:\windows\setupact.log
2014-08-12 17:02 - 2014-05-28 20:31 - 00000828 _____ () C:\windows\Tasks\Security Center Update - 1065396736.job
2014-08-12 17:02 - 2014-05-28 20:31 - 00000826 _____ () C:\windows\Tasks\Security Center Update - 2092415349.job
2014-08-12 17:02 - 2014-05-28 20:30 - 00000824 _____ () C:\windows\Tasks\Security Center Update - 3180805863.job
2014-08-12 17:02 - 2014-05-28 20:30 - 00000820 _____ () C:\windows\Tasks\Security Center Update - 2379301644.job
2014-08-12 17:02 - 2014-05-28 19:51 - 00000800 _____ () C:\windows\Tasks\Security Center Update - 2702152337.job
2014-08-12 17:02 - 2014-05-28 19:50 - 00000806 _____ () C:\windows\Tasks\Security Center Update - 3796625987.job
2014-08-12 17:02 - 2014-05-27 19:09 - 00000806 _____ () C:\windows\Tasks\Security Center Update - 404366012.job
2014-08-12 17:02 - 2014-05-27 19:06 - 00000804 _____ () C:\windows\Tasks\Security Center Update - 2538863618.job
2014-08-12 17:02 - 2011-07-05 22:47 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 19:16 - 2014-05-23 20:15 - 00000080 _____ () C:\windows\system32\ibko.lft
2014-08-11 19:11 - 2014-01-02 22:14 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-08-11 19:07 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\G001
2014-08-11 19:03 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-11 17:55 - 2014-08-11 17:55 - 00632201 _____ () C:\Users\TeeSupport\Downloads\install.exe
2014-08-11 17:53 - 2013-08-28 20:40 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\CrashDumps
2014-08-11 16:18 - 2014-04-28 21:56 - 00000000 ___RD () C:\Users\Owner\Google Drive
2014-08-11 16:12 - 2014-05-27 20:03 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-11 16:11 - 2012-04-16 07:44 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-11 16:11 - 2011-12-30 12:39 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-11 16:01 - 2014-08-11 16:01 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\G001
2014-08-11 13:56 - 2009-07-14 01:08 - 00032546 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-11 13:42 - 2012-12-11 14:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-28 13:09 - 2014-05-30 23:07 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\isafe
2014-07-28 13:05 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-07-28 12:53 - 2014-05-04 17:22 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\isafe
2014-07-28 12:51 - 2014-07-28 12:51 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\eCyber
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\ProgramData\AjguVwok.dat
C:\ProgramData\ArurXuqta.dat
C:\ProgramData\AsebHezv.dat
C:\ProgramData\EfciPgadi.dat
C:\ProgramData\EmokRenb.dat
C:\ProgramData\ExkaTijun.dat
C:\ProgramData\ExubNosul.dat
C:\ProgramData\IcevIrof.dat
C:\ProgramData\OrjaTipg.dat
C:\ProgramData\OvgirHavdu.dat
C:\Users\Guest\befukocsejyr.exe
C:\Users\Guest\AppData\Roaming\cache.ini
C:\Users\Owner\porluibacpap.exe
C:\Users\Owner\AppData\Roaming\cache.ini
C:\Users\Public\AutoUpdate.exe
C:\Users\Quentin 2\befukocsejyr.exe
C:\Users\Quentin 2\cihuqcyrilwy.exe
C:\Users\Quentin 2\porluibacpap.exe
C:\Users\Quentin 3\befukocsejyr.exe
C:\Users\TeeSupport\porluibacpap.exe


Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\gm7gegh7.dll
C:\Users\Owner\AppData\Local\Temp\427F.exe
C:\Users\Owner\AppData\Local\Temp\9D86.exe
C:\Users\Owner\AppData\Local\Temp\appinstal1.exe
C:\Users\Owner\AppData\Local\Temp\applinstall.exe
C:\Users\Owner\AppData\Local\Temp\Better-Surf.exe
C:\Users\Owner\AppData\Local\Temp\BetterSurf.exe
C:\Users\Owner\AppData\Local\Temp\BetterSurfPlusInstaller.exe
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_h4fsn.dll
C:\Users\Owner\AppData\Local\Temp\F1CD.exe
C:\Users\Owner\AppData\Local\Temp\installerdll17229936.dll
C:\Users\Owner\AppData\Local\Temp\installerdll17250403.dll
C:\Users\Owner\AppData\Local\Temp\notepad.exe
C:\Users\Owner\AppData\Local\Temp\nse1825.exe
C:\Users\Owner\AppData\Local\Temp\nso44E2.exe
C:\Users\Owner\AppData\Local\Temp\nso6676.exe
C:\Users\Owner\AppData\Local\Temp\nsoFEB.exe
C:\Users\Owner\AppData\Local\Temp\pb6chs_p.dll
C:\Users\Owner\AppData\Local\Temp\rootsupd.exe
C:\Users\Owner\AppData\Local\Temp\set-app.exe
C:\Users\Owner\AppData\Local\Temp\setapp.exe
C:\Users\Owner\AppData\Local\Temp\Setup-a.exe
C:\Users\Owner\AppData\Local\Temp\setup.exe
C:\Users\Owner\AppData\Local\Temp\Setup1.exe
C:\Users\Owner\AppData\Local\Temp\Setup2.exe
C:\Users\Owner\AppData\Local\Temp\setup__4610.exe
C:\Users\Owner\AppData\Local\Temp\SHSetup.exe
C:\Users\Owner\AppData\Local\Temp\SPSetup.exe
C:\Users\Owner\AppData\Local\Temp\SPStub.exe
C:\Users\Owner\AppData\Local\Temp\tbWhit.dll
C:\Users\Owner\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Owner\AppData\Local\Temp\uninst1.exe
C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Owner\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Owner\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Owner\AppData\Local\Temp\{E1331122-9583-4B09-ABA4-E81D4AADCB74}.exe
C:\Users\TeeSupport\AppData\Local\Temp\InstallAsk.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0520192 ____A (Microsoft Corporation) 1FB31A36E13B295C14AD614A71DA684E

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2014-08-11 14:27

==================== End Of Log ============================

2. Addition.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-08-2014
Ran by TeeSupport (administrator) on OWNER-PC on 12-08-2014 17:15:13
Running from C:\Users\TeeSupport\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc2.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeTray.exe
(Virtual Group) C:\Users\Quentin 2\AppData\Roaming\Ihvutyid\ygygi.exe
(Virtual Group) C:\Users\Owner\AppData\Roaming\Obnodofu\byatala.exe
(Global Trade) C:\Users\Owner\AppData\Roaming\Xoehto\mihegaf.exe
() C:\Users\TeeSupport\porluibacpap.exe
(Virtual Group) C:\Users\Owner\AppData\Roaming\Efkuylri\okwaec.exe
(Webroot Software, Inc. ) C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
() C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\psvchost.exe
( ) C:\Users\TeeSupport\AppData\Roaming\Caifyz\fyylk.exe
(Global Trade) C:\Users\Quentin 2\AppData\Roaming\Ladyqi\weequwt.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Global Trade) C:\Windows\SysWOW64\apdah.exe
(Global Trade) C:\Windows\SysWOW64\huwaic.exe
(Virtual Group) C:\Windows\SysWOW64\zousy.exe
(Global Trade) C:\Windows\SysWOW64\dobaxetiuv.exe
(Virtual Group) C:\Windows\SysWOW64\yfigom.exe
(Virtual Group) C:\Windows\SysWOW64\cyvyfunai.exe
(Mozilla Foundation) C:\Users\TeeSupport\AppData\Local\Temp\temp7D8462B2-296E\xulrunner.exe
(Global Trade) C:\Windows\SysWOW64\uvciecygem.exe
(Global Trade) C:\Windows\SysWOW64\afvicoodb.exe
(Virtual Group) C:\Windows\SysWOW64\raygu.exe
(Global Trade) C:\Windows\SysWOW64\ugisuxcyqe.exe
(Virtual Group) C:\Windows\SysWOW64\ymalk.exe
(Global Trade) C:\Windows\SysWOW64\rerotyliaz.exe
(Virtual Group) C:\Windows\SysWOW64\tyduil.exe
(Virtual Group) C:\Windows\SysWOW64\decerae.exe
(Virtual Group) C:\Windows\SysWOW64\uzboqywuo.exe
(Global Trade) C:\Windows\SysWOW64\asywd.exe
(Virtual Group) C:\Windows\SysWOW64\ovgoc.exe
(Virtual Group) C:\Windows\SysWOW64\tixia.exe
(Global Trade) C:\Windows\SysWOW64\ywwiyxecko.exe
(Global Trade) C:\Windows\SysWOW64\ilipicoxe.exe
(Virtual Group) C:\Windows\SysWOW64\uptiko.exe
(Global Trade) C:\Windows\SysWOW64\ceymynq.exe
(Virtual Group) C:\Windows\SysWOW64\yrylulxet.exe
(Virtual Group) C:\Windows\SysWOW64\lefoezru.exe
(Virtual Group) C:\Windows\SysWOW64\yquxkoic.exe
(Virtual Group) C:\Windows\SysWOW64\ecvumuipa.exe
(Global Trade) C:\Windows\SysWOW64\oszuur.exe
(Virtual Group) C:\Windows\SysWOW64\unizlo.exe
(Virtual Group) C:\Windows\SysWOW64\igyzloo.exe
(Global Trade) C:\Windows\SysWOW64\ocitm.exe
(Virtual Group) C:\Windows\SysWOW64\vaemd.exe
(Virtual Group) C:\Windows\SysWOW64\toehti.exe
(Virtual Group) C:\Windows\SysWOW64\eknaciby.exe
(Virtual Group) C:\Windows\SysWOW64\sixuocxaru.exe
(Virtual Group) C:\Windows\SysWOW64\adryugu.exe
(Global Trade) C:\Windows\SysWOW64\besud.exe
(Global Trade) C:\Windows\SysWOW64\hyyxheqiap.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Webroot Software, Inc. ) C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Woodtale Technology Inc.) C:\Program Files (x86)\iSafe\dup.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeTray.exe
(Virtual Group) C:\Users\Owner\AppData\Roaming\Dosaxuuq\caevo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(Virtual Group) C:\Users\Owner\AppData\Roaming\Elmiurov\ihuttul.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Virtual Group) C:\Users\Owner\AppData\Roaming\Obnodofu\byatala.exe
(Global Trade) C:\Users\Quentin 2\AppData\Roaming\Ladyqi\weequwt.exe
(Global Trade) C:\Users\Quentin 2\AppData\Roaming\Inkonaxy\ywtyer.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(ooVoo LLC) C:\Program Files (x86)\oovoo\ooVoo.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
( ) C:\Users\Owner\AppData\Roaming\Naem\ivygh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
() C:\Users\Owner\porluibacpap.exe
(Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Webroot Software, Inc. ) C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
() C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\psvchost.exe
(Virtual Group) C:\Users\Guest\AppData\Roaming\Vyweolco\omorzuu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Virtual Group) C:\Users\Quentin 2\AppData\Roaming\Kuoqdueb\yhcub.exe
(Virtual Group) C:\Users\Owner\AppData\Roaming\Obnodofu\byatala.exe
(Virtual Group) C:\Users\TeeSupport\AppData\Roaming\Izduaniv\yzcoca.exe
(Virtual Group) C:\Users\TeeSupport\AppData\Roaming\Akitevti\ryaqo.exe
(Virtual Group) C:\Users\Owner\AppData\Roaming\Dosaxuuq\caevo.exe
(Virtual Group) C:\Users\TeeSupport\AppData\Roaming\Foleaxop\fyylr.exe
(Global Trade) C:\Users\Guest\AppData\Roaming\Olqice\guuvo.exe
(Virtual Group) C:\Users\Quentin 3\AppData\Roaming\Agekhu\itzuy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Yrtuazpooxudzi] => C:\Users\Owner\AppData\Roaming\Dosaxuuq\caevo.exe [280064 2013-07-14] (Virtual Group)
HKLM\...\Run: [Ohynseilylny] => C:\Users\Owner\AppData\Roaming\Ilohyh\gyqafiu.exe [280064 2012-10-30] (Virtual Group)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [Eznovusaobwa] => C:\Users\Owner\AppData\Roaming\Ymhaca\woovepu.exe [284160 2014-06-02] (Virtual Group)
HKLM\...\Run: [Osalpymywio] => C:\Users\Owner\AppData\Roaming\Elmiurov\ihuttul.exe [284160 2013-11-27] (Virtual Group)
HKLM\...\Run: [Soneipedfo] => C:\Users\Quentin 2\AppData\Roaming\Ihvutyid\ygygi.exe [284160 2014-06-02] (Virtual Group)
HKLM\...\Run: [Uluzedofveyz] => C:\Users\Owner\AppData\Roaming\Efkuylri\okwaec.exe [280064 2012-11-20] (Virtual Group)
HKLM\...\Run: [Yzlyubiguh] => C:\Users\Owner\AppData\Roaming\Obnodofu\byatala.exe [283136 2014-03-03] (Virtual Group)
HKLM\...\Run: [Yzgyabt] => C:\Users\Quentin 2\AppData\Roaming\Loxumoas\eqhyen.exe [283136 2014-06-02] (Virtual Group)
HKLM\...\Run: [Uhiwlagaocba] => C:\Users\TeeSupport\AppData\Roaming\Soypeku\uksyuz.exe [280064 2014-02-14] (Virtual Group)
HKLM\...\Run: [Okoseqreannyapp] => C:\Users\Quentin 2\AppData\Roaming\Ladyqi\weequwt.exe [321024 2014-06-01] (Global Trade)
HKLM\...\Run: [Wiryo] => C:\Users\Quentin 2\AppData\Roaming\Buohdoe\yxudp.exe [280064 2014-06-02] (Virtual Group)
HKLM\...\Run: [Yngaorav] => C:\Users\Quentin 2\AppData\Roaming\Inkonaxy\ywtyer.exe [317952 2014-05-30] (Global Trade)
HKLM\...\Run: [Irdoqunutyy] => C:\Users\Quentin 3\AppData\Roaming\Wusuafo\alsey.exe [284160 2014-06-04] (Virtual Group)
HKLM\...\Run: [Lufiy] => C:\Users\Quentin 2\AppData\Roaming\Amatim\qysyc.exe [280064 2014-06-02] (Virtual Group)
HKLM\...\Run: [Onoqduuw] => C:\Users\Quentin 2\AppData\Roaming\Kuoqdueb\yhcub.exe [284160 2014-06-02] (Virtual Group)
HKLM\...\Run: [Wauwz] => C:\Users\Quentin 2\AppData\Roaming\Toxyca\usdia.exe [321024 2014-05-31] (Global Trade)
HKLM\...\Run: [Alracoukzak] => C:\Users\Owner\AppData\Roaming\Gelyer\elaxpa.exe [317952 2013-09-12] (Global Trade)
HKLM\...\Run: [Daobezzagu] => C:\Users\Guest\AppData\Roaming\Vyweolco\omorzuu.exe [283136 2012-01-07] (Virtual Group)
HKLM\...\Run: [Qiyxdoz] => C:\Users\Quentin 2\AppData\Roaming\Geguupqe\ywpode.exe [317952 2014-05-29] (Global Trade)
HKLM\...\Run: [Afatinulsoedil] => C:\Users\Owner\AppData\Roaming\Xoehto\mihegaf.exe [317952 2012-02-11] (Global Trade)
HKLM\...\Run: [Xaoskiorkilir] => C:\Users\Owner\AppData\Roaming\Viogbe\urubaxd.exe [317952 2011-10-27] (Global Trade)
HKLM\...\Run: [Ydyly] => C:\Users\Owner\AppData\Roaming\Myuzza\worah.exe [321024 2013-03-19] (Global Trade)
HKLM\...\Run: [Ibolexso] => C:\Users\Owner\AppData\Roaming\Wixowilu\amteug.exe [280064 2013-09-13] (Virtual Group)
HKLM-x32\...\Run: [Wiryo] => C:\Users\Quentin 2\AppData\Roaming\Buohdoe\yxudp.exe [280064 2014-06-02] (Virtual Group)
HKLM-x32\...\Run: [Xevizeabiwil] => C:\Users\TeeSupport\AppData\Roaming\Owsype\uperyde.exe [280064 2013-10-04] (Virtual Group)
HKLM-x32\...\Run: [Leuzilhaxisayp] => C:\Users\TeeSupport\AppData\Roaming\Iwrura\zoilhu.exe [280064 2013-12-13] (Virtual Group)
HKLM-x32\...\Run: [Uhiwlagaocba] => C:\Users\TeeSupport\AppData\Roaming\Soypeku\uksyuz.exe [280064 2014-02-14] (Virtual Group)
HKLM-x32\...\Run: [Uluzedofveyz] => C:\Users\Owner\AppData\Roaming\Efkuylri\okwaec.exe [280064 2012-11-20] (Virtual Group)
HKLM-x32\...\Run: [Ibolexso] => C:\Users\Owner\AppData\Roaming\Wixowilu\amteug.exe [280064 2013-09-13] (Virtual Group)
HKLM-x32\...\Run: [WebrootTrayApp] => C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe [1382984 2011-12-10] (Webroot Software, Inc. )
HKLM-x32\...\Run: [RestServiceWindows2014] => C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\psvchost.exe [141312 2014-05-31] ()
HKLM-x32\...\Run: [Eznovusaobwa] => C:\Users\Owner\AppData\Roaming\Ymhaca\woovepu.exe [284160 2014-06-02] (Virtual Group)
HKLM-x32\...\Run: [Yzgyabt] => C:\Users\Quentin 2\AppData\Roaming\Loxumoas\eqhyen.exe [283136 2014-06-02] (Virtual Group)
HKLM-x32\...\Run: [Hypuv] => C:\Users\Quentin 2\AppData\Roaming\Espaku\arubwi.exe [283136 2014-06-02] (Virtual Group)
HKLM-x32\...\Run: [Yzelqaroum] => C:\Users\Owner\AppData\Roaming\Nyvielyn\zewoo.exe [283136 2013-04-18] (Virtual Group)
HKLM-x32\...\Run: [Osalpymywio] => C:\Users\Owner\AppData\Roaming\Elmiurov\ihuttul.exe [284160 2013-11-27] (Virtual Group)
HKLM-x32\...\Run: [Onoqduuw] => C:\Users\Quentin 2\AppData\Roaming\Kuoqdueb\yhcub.exe [284160 2014-06-02] (Virtual Group)
HKLM-x32\...\Run: [Soneipedfo] => C:\Users\Quentin 2\AppData\Roaming\Ihvutyid\ygygi.exe [284160 2014-06-02] (Virtual Group)
HKLM-x32\...\Run: [Yrtuazpooxudzi] => C:\Users\Owner\AppData\Roaming\Dosaxuuq\caevo.exe [280064 2013-07-14] (Virtual Group)
HKLM-x32\...\Run: [Haifetor] => C:\Users\Quentin 2\AppData\Roaming\Cufuseda\siynh.exe [280064 2014-06-02] (Virtual Group)
HKLM-x32\...\Run: [Yzlyubiguh] => C:\Users\Owner\AppData\Roaming\Obnodofu\byatala.exe [283136 2014-03-03] (Virtual Group)
HKLM-x32\...\Run: [Ohynseilylny] => C:\Users\Owner\AppData\Roaming\Ilohyh\gyqafiu.exe [280064 2012-10-30] (Virtual Group)
HKLM-x32\...\Run: [Omonuqviqa] => C:\Users\TeeSupport\AppData\Roaming\Ottyuhr\odxiigt.exe [280064 2014-05-29] (Virtual Group)
HKLM-x32\...\Run: [Lufiy] => C:\Users\Quentin 2\AppData\Roaming\Amatim\qysyc.exe [280064 2014-06-02] (Virtual Group)
HKLM-x32\...\Run: [Begowaurxaoszi] => C:\Users\Quentin 2\AppData\Roaming\Ovorsow\cibead.exe [280064 2014-06-02] (Virtual Group)
HKLM-x32\...\Run: [Okoseqreannyapp] => C:\Users\Quentin 2\AppData\Roaming\Ladyqi\weequwt.exe [321024 2014-06-01] (Global Trade)
HKLM-x32\...\Run: [Wauwz] => C:\Users\Quentin 2\AppData\Roaming\Toxyca\usdia.exe [321024 2014-05-31] (Global Trade)
HKLM-x32\...\Run: [Yvivefyzygyhew] => C:\Users\TeeSupport\AppData\Roaming\Izduaniv\yzcoca.exe [284160 2013-09-30] (Virtual Group)
HKLM-x32\...\Run: [Tetaxevaih] => C:\Users\TeeSupport\AppData\Roaming\Akitevti\ryaqo.exe [283136 2013-11-19] (Virtual Group)
HKLM-x32\...\Run: [Okodpogeoc] => C:\Users\TeeSupport\AppData\Roaming\Ifzaaq\ufcao.exe [321024 2014-05-09] (Global Trade)
HKLM-x32\...\Run: [Azedbixifuvevor] => C:\Users\TeeSupport\AppData\Roaming\Foleaxop\fyylr.exe [283136 2014-04-14] (Virtual Group)
HKLM-x32\...\Run: [Uzolypafgeobeny] => C:\Users\TeeSupport\AppData\Roaming\Icteuly\xeizr.exe [284160 2014-04-25] (Virtual Group)
HKLM-x32\...\Run: [Kibetooqem] => C:\Users\TeeSupport\AppData\Roaming\Erofwyoc\akqupec.exe [321024 2013-11-21] (Global Trade)
HKLM-x32\...\Run: [Lyoqcoesbyvya] => C:\Users\Quentin 3\AppData\Roaming\Miifhic\xexuw.exe [280064 2014-06-04] (Virtual Group)
HKLM-x32\...\Run: [Saeqakok] => C:\Users\Quentin 3\AppData\Roaming\Hyypogpa\xeqoqaz.exe [321024 2014-06-04] (Global Trade)
HKLM-x32\...\Run: [Irdoqunutyy] => C:\Users\Quentin 3\AppData\Roaming\Wusuafo\alsey.exe [284160 2014-06-04] (Virtual Group)
HKLM-x32\...\Run: [Otozgaqaby] => C:\Users\Quentin 3\AppData\Roaming\Agekhu\itzuy.exe [283136 2014-06-04] (Virtual Group)
HKLM-x32\...\Run: [Ymedka] => C:\Users\Quentin 3\AppData\Roaming\Urwaitk\wayge.exe [317952 2014-06-04] (Global Trade)
HKLM-x32\...\Run: [Yngaorav] => C:\Users\Quentin 2\AppData\Roaming\Inkonaxy\ywtyer.exe [317952 2014-05-30] (Global Trade)
HKLM-x32\...\Run: [Qiyxdoz] => C:\Users\Quentin 2\AppData\Roaming\Geguupqe\ywpode.exe [317952 2014-05-29] (Global Trade)
HKLM-x32\...\Run: [Ukgepium] => C:\Users\Owner\AppData\Roaming\Hurupei\amnor.exe [321024 2014-01-19] (Global Trade)
HKLM-x32\...\Run: [Alracoukzak] => C:\Users\Owner\AppData\Roaming\Gelyer\elaxpa.exe [317952 2013-09-12] (Global Trade)
HKLM-x32\...\Run: [Ubokkecibyg] => C:\Users\Owner\AppData\Roaming\Ufufqula\tauge.exe [321024 2013-12-29] (Global Trade)
HKLM-x32\...\Run: [Yrnoafigwaqike] => C:\Users\Guest\AppData\Roaming\Ixodboi\atturuo.exe [280064 2012-08-27] (Virtual Group)
HKLM-x32\...\Run: [Zimoufyllec] => C:\Users\Guest\AppData\Roaming\Bacuacsy\teossuv.exe [317952 2014-06-04] (Global Trade)
HKLM-x32\...\Run: [Toyge] => C:\Users\Guest\AppData\Roaming\Olqice\guuvo.exe [321024 2013-12-13] (Global Trade)
HKLM-x32\...\Run: [Daobezzagu] => C:\Users\Guest\AppData\Roaming\Vyweolco\omorzuu.exe [283136 2012-01-07] (Virtual Group)
HKLM-x32\...\Run: [Meeqazox] => C:\Users\Guest\AppData\Roaming\Wegari\ylzasyi.exe [284160 2012-12-27] (Virtual Group)
HKLM-x32\...\Run: [Alwaygirhe] => C:\Users\Owner\AppData\Roaming\Abepfom\elymat.exe [321024 2014-03-15] (Global Trade)
HKLM-x32\...\Run: [Afatinulsoedil] => C:\Users\Owner\AppData\Roaming\Xoehto\mihegaf.exe [317952 2012-02-11] (Global Trade)
HKLM-x32\...\Run: [Ydyly] => C:\Users\Owner\AppData\Roaming\Myuzza\worah.exe [321024 2013-03-19] (Global Trade)
HKLM-x32\...\Run: [Xaoskiorkilir] => C:\Users\Owner\AppData\Roaming\Viogbe\urubaxd.exe [317952 2011-10-27] (Global Trade)
HKLM-x32\...\Run: [Daowykci] => C:\Users\TeeSupport\AppData\Roaming\Ipehyg\ermafyy.exe [317952 2013-09-14] (Global Trade)
HKLM-x32\...\Run: [Zyibhesyexuk] => C:\Users\TeeSupport\AppData\Roaming\Umizpo\qyage.exe [317952 2014-03-21] (Global Trade)
HKLM-x32\...\Run: [Regedit32] => C:\windows\SysWOW64\regedit.exe [398336 2009-07-13] (Microsoft Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
Winlogon\Notify\ecnshfl-x32: C:\windows\SysWOW64\config\systemprofile\AppData\Local\ecnshfl.dll ()
Winlogon\Notify\hloipte-x32: C:\windows\SysWOW64\config\systemprofile\AppData\Local\hloipte.dll ()
Winlogon\Notify\miollie-x32: C:\windows\SysWOW64\config\systemprofile\AppData\Local\miollie.dll ()
Winlogon\Notify\otrokes-x32: C:\windows\SysWOW64\config\systemprofile\AppData\Local\otrokes.dll ()
Winlogon\Notify\otrukos-x32: C:\windows\SysWOW64\config\systemprofile\AppData\Local\otrukos.dll ()
Winlogon\Notify\vehsisn-x32: C:\windows\SysWOW64\config\systemprofile\AppData\Local\vehsisn.dll ()
Winlogon\Notify\vlsdjww-x32: C:\windows\SysWOW64\config\systemprofile\AppData\Local\vlsdjww.dll ()
HKU\.DEFAULT\...\Run: [Akamai] => rundll32 "C:\Users\Owner\AppData\Local\Microsoft Games\Akamai\acmhkb.dll",DllRegisterServer <===== ATTENTION
HKU\.DEFAULT\...\Run: [BackgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\.DEFAULT\...\Run: [hloipte] => rundll32 "C:\windows\system32\config\systemprofile\AppData\Local\hloipte.dll",hloipte <===== ATTENTION
HKU\.DEFAULT\...\Run: [extrCERT] => C:\windows\system32\Magntend.exe
HKU\.DEFAULT\...\Run: [AjguVwok] => regsvr32.exe "C:\ProgramData\AjguVwok.dat"
HKU\.DEFAULT\...\Run: [OrjaTipg] => regsvr32.exe "C:\ProgramData\OrjaTipg.dat"
HKU\.DEFAULT\...\Run: [miollie] => rundll32 "C:\windows\system32\config\systemprofile\AppData\Local\miollie.dll",miollie <===== ATTENTION
HKU\.DEFAULT\...\Run: [explInit] => C:\windows\system32\Magnocom.exe
HKU\.DEFAULT\...\Run: [Yrtuazpooxudzi] => C:\Users\Owner\AppData\Roaming\Dosaxuuq\caevo.exe [280064 2013-07-14] (Virtual Group)
HKU\.DEFAULT\...\Run: [ecnshfl] => rundll32 "C:\windows\system32\config\systemprofile\AppData\Local\ecnshfl.dll",ecnshfl <===== ATTENTION
HKU\.DEFAULT\...\Run: [expaSVCS] => C:\windows\system32\logmmsra.exe
HKU\.DEFAULT\...\Run: [expaetup] => C:\windows\system32\logmaint.exe
HKU\.DEFAULT\...\Run: [befukocsejyr] => C:\windows\system32\config\systemprofile\befukocsejyr.exe
HKU\.DEFAULT\...\Run: [vlsdjww] => rundll32 "C:\windows\system32\config\systemprofile\AppData\Local\vlsdjww.dll",vlsdjww <===== ATTENTION
HKU\.DEFAULT\...\Run: [ExubNosul] => regsvr32.exe "C:\ProgramData\ExubNosul.dat"
HKU\.DEFAULT\...\Run: [ExkaTijun] => regsvr32.exe "C:\ProgramData\ExkaTijun.dat"
HKU\.DEFAULT\...\Run: [evenkill] => C:\windows\system32\logashta.exe
HKU\.DEFAULT\...\Run: [vehsisn] => rundll32 "C:\windows\system32\config\systemprofile\AppData\Local\vehsisn.dll",vehsisn <===== ATTENTION
HKU\.DEFAULT\...\Run: [eudctray] => C:\windows\system32\lefotvol.exe
HKU\.DEFAULT\...\Run: [eudcmote] => C:\windows\system32\lefosync.exe
HKU\.DEFAULT\...\Run: [IcevIrof] => regsvr32.exe "C:\ProgramData\IcevIrof.dat"
HKU\.DEFAULT\...\Run: [EmokRenb] => regsvr32.exe "C:\ProgramData\EmokRenb.dat"
HKU\.DEFAULT\...\Run: [otrokes] => rundll32 "C:\windows\system32\config\systemprofile\AppData\Local\otrokes.dll",otrokes <===== ATTENTION
HKU\.DEFAULT\...\Run: [EfciPgadi] => regsvr32.exe "C:\ProgramData\EfciPgadi.dat"
HKU\.DEFAULT\...\Run: [OvgirHavdu] => regsvr32.exe "C:\ProgramData\OvgirHavdu.dat"
HKU\.DEFAULT\...\Run: [otrukos] => rundll32 "C:\windows\system32\config\systemprofile\AppData\Local\otrukos.dll",otrukos <===== ATTENTION
HKU\.DEFAULT\...\Run: [AsebHezv] => regsvr32.exe "C:\ProgramData\AsebHezv.dat"
HKU\.DEFAULT\...\Run: [ArurXuqta] => regsvr32.exe "C:\ProgramData\ArurXuqta.dat"
HKU\.DEFAULT\...\Policies\Explorer\Run: [ProcessW  Å GetEntry_DeProcess Mutex] => C:\windows\system32\config\systemprofile\AppData\Roaming\udbsfdsv\iedjfsfe.exe
HKU\S-1-5-19\...\Run: [Akamai] => rundll32 "C:\Users\Owner\AppData\Local\Microsoft Games\Akamai\acmhkb.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-20\...\Run: [Akamai] => rundll32 "C:\Users\Owner\AppData\Local\Microsoft Games\Akamai\acmhkb.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Yrtuazpooxudzi] => C:\Users\Owner\AppData\Roaming\Dosaxuuq\caevo.exe [280064 2013-07-14] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Ohynseilylny] => C:\Users\Owner\AppData\Roaming\Ilohyh\gyqafiu.exe [280064 2012-10-30] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [{E776CC13-CD78-C7C1-DA45-94B36D6A9CA5}] => C:\Users\Owner\AppData\Roaming\Naem\ivygh.exe [231424 2013-11-20] ( )
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Twtion Update] => "regsvr32.exe" C:\Users\Owner\AppData\Local\Twtion\aqReporter.dll
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Twtion] => "regsvr32.exe" C:\Users\Owner\AppData\Local\Twtion\aqReporter.dll <===== ATTENTION
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\oovoo\ooVoo.exe [36151360 2014-02-23] (ooVoo LLC)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Eznovusaobwa] => C:\Users\Owner\AppData\Roaming\Ymhaca\woovepu.exe [284160 2014-06-02] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Osalpymywio] => C:\Users\Owner\AppData\Roaming\Elmiurov\ihuttul.exe [284160 2013-11-27] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Uluzedofveyz] => C:\Users\Owner\AppData\Roaming\Efkuylri\okwaec.exe [280064 2012-11-20] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Soneipedfo] => C:\Users\Quentin 2\AppData\Roaming\Ihvutyid\ygygi.exe [284160 2014-06-02] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Yzelqaroum] => C:\Users\Owner\AppData\Roaming\Nyvielyn\zewoo.exe [283136 2013-04-18] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Yzlyubiguh] => C:\Users\Owner\AppData\Roaming\Obnodofu\byatala.exe [283136 2014-03-03] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Okoseqreannyapp] => C:\Users\Quentin 2\AppData\Roaming\Ladyqi\weequwt.exe [321024 2014-06-01] (Global Trade)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Yngaorav] => C:\Users\Quentin 2\AppData\Roaming\Inkonaxy\ywtyer.exe [317952 2014-05-30] (Global Trade)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Yzgyabt] => C:\Users\Quentin 2\AppData\Roaming\Loxumoas\eqhyen.exe [283136 2014-06-02] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Onoqduuw] => C:\Users\Quentin 2\AppData\Roaming\Kuoqdueb\yhcub.exe [284160 2014-06-02] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Wauwz] => C:\Users\Quentin 2\AppData\Roaming\Toxyca\usdia.exe [321024 2014-05-31] (Global Trade)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Qiyxdoz] => C:\Users\Quentin 2\AppData\Roaming\Geguupqe\ywpode.exe [317952 2014-05-29] (Global Trade)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Uhiwlagaocba] => C:\Users\TeeSupport\AppData\Roaming\Soypeku\uksyuz.exe [280064 2014-02-14] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [porluibacpap] => C:\Users\Owner\porluibacpap.exe [47360 2014-06-30] ()
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Afatinulsoedil] => C:\Users\Owner\AppData\Roaming\Xoehto\mihegaf.exe [317952 2012-02-11] (Global Trade)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Xaoskiorkilir] => C:\Users\Owner\AppData\Roaming\Viogbe\urubaxd.exe [317952 2011-10-27] (Global Trade)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Ydyly] => C:\Users\Owner\AppData\Roaming\Myuzza\worah.exe [321024 2013-03-19] (Global Trade)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Lufiy] => C:\Users\Quentin 2\AppData\Roaming\Amatim\qysyc.exe [280064 2014-06-02] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Ibolexso] => C:\Users\Owner\AppData\Roaming\Wixowilu\amteug.exe [280064 2013-09-13] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Run: [Zyibhesyexuk] => C:\Users\TeeSupport\AppData\Roaming\Umizpo\qyage.exe [317952 2014-03-21] (Global Trade)
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\cache.dat <==== ATTENTION
HKU\S-1-5-21-856383927-2722781114-901137784-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Owner\AppData\Roaming\sqxcytu\sjqnfbs\wow.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Yrtuazpooxudzi] => C:\Users\Owner\AppData\Roaming\Dosaxuuq\caevo.exe [280064 2013-07-14] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [{694320CC-8F6F-F114-A5A0-A6B34D7B2DEA}] => C:\Users\TeeSupport\AppData\Roaming\Caifyz\fyylk.exe [231424 2014-02-06] ( )
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Wiryo] => C:\Users\Quentin 2\AppData\Roaming\Buohdoe\yxudp.exe [280064 2014-06-02] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Eznovusaobwa] => C:\Users\Owner\AppData\Roaming\Ymhaca\woovepu.exe [284160 2014-06-02] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Okoseqreannyapp] => C:\Users\Quentin 2\AppData\Roaming\Ladyqi\weequwt.exe [321024 2014-06-01] (Global Trade)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Yzlyubiguh] => C:\Users\Owner\AppData\Roaming\Obnodofu\byatala.exe [283136 2014-03-03] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Alracoukzak] => C:\Users\Owner\AppData\Roaming\Gelyer\elaxpa.exe [317952 2013-09-12] (Global Trade)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Daobezzagu] => C:\Users\Guest\AppData\Roaming\Vyweolco\omorzuu.exe [283136 2012-01-07] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Ohynseilylny] => C:\Users\Owner\AppData\Roaming\Ilohyh\gyqafiu.exe [280064 2012-10-30] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Osalpymywio] => C:\Users\Owner\AppData\Roaming\Elmiurov\ihuttul.exe [284160 2013-11-27] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Wauwz] => C:\Users\Quentin 2\AppData\Roaming\Toxyca\usdia.exe [321024 2014-05-31] (Global Trade)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [porluibacpap] => C:\Users\TeeSupport\porluibacpap.exe [47360 2014-06-30] ()
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Yngaorav] => C:\Users\Quentin 2\AppData\Roaming\Inkonaxy\ywtyer.exe [317952 2014-05-30] (Global Trade)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Uluzedofveyz] => C:\Users\Owner\AppData\Roaming\Efkuylri\okwaec.exe [280064 2012-11-20] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Lufiy] => C:\Users\Quentin 2\AppData\Roaming\Amatim\qysyc.exe [280064 2014-06-02] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Onoqduuw] => C:\Users\Quentin 2\AppData\Roaming\Kuoqdueb\yhcub.exe [284160 2014-06-02] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Soneipedfo] => C:\Users\Quentin 2\AppData\Roaming\Ihvutyid\ygygi.exe [284160 2014-06-02] (Virtual Group)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Run: [Afatinulsoedil] => C:\Users\Owner\AppData\Roaming\Xoehto\mihegaf.exe [317952 2012-02-11] (Global Trade)
HKU\S-1-5-21-856383927-2722781114-901137784-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
AppInit_DLLs: C:\PROGRA~3\WINSYS~1\WINSYS~2.DLL => C:\PROGRA~3\WINSYS~1\WINSYS~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~3\winsys~1\winsys~1.dll => "c:\progra~3\winsys~1\winsys~1.dll" File Not Found
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\faedeq.exe (Global Trade)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fauwro.exe (Global Trade)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fiovci.exe (Virtual Group)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keuwla.exe (Virtual Group)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\opib.exe ( )
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\poewox.exe (Global Trade)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qoirad.exe (Virtual Group)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\riac.exe ( )
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ufoss.exe (Virtual Group)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vysa.exe (Virtual Group)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wooxmi.exe (Virtual Group)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\woycla.exe (Virtual Group)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ynuwfa.exe (Virtual Group)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ytycmi.exe (Global Trade)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\faedeq.exe (Global Trade)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fauwro.exe (Global Trade)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fiovci.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\keuwla.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\opib.exe ( )
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\poewox.exe (Global Trade)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qoirad.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\riac.exe ( )
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ufoss.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vysa.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wooxmi.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\woycla.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ynuwfa.exe (Virtual Group)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ytycmi.exe (Global Trade)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TeeSupport\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKLM-x32 - (No Name) - {62cad681-699f-4f83-b87f-95584003592f} - No File
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {57CAD22C-98EE-46DE-B454-842736B89EA8} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {D7F9E78C-14C8-4C3E-98EE-7E587FEF79CC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5A564BB0-8275-4127-ABF4-146A0BD6716C}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{B072F86D-6726-4000-8BCB-5076366DB30D}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DC6FF366-1F55-4627-A031-877E8F9F557D}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\TeeSupport\AppData\Roaming\Mozilla\Firefox\Profiles\puhag60t.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\eoppnrqmocgit@fmwplidnapyokntwh.net [2014-02-23]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com [2014-02-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-23]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [extension@FastFreeConverter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@FastFreeConverter.com
FF HKLM-x32\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF HKLM-x32\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha993.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha993\ff

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: Google
CHR DefaultSearchURL: http://www.google.com/search?q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (fcreward.100884.rs) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambalpkabmdjkiegmapflldonihghglk [2013-08-28]
CHR Extension: (Google Drive) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-11]
CHR Extension: (WhiteSmoke New 1.1) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf [2014-05-30]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-08-11]
CHR Extension: (iVIDI.org plugin) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\giacfgjdclhnmkacnfbaljbmpnelflol [2013-09-16]
CHR Extension: (RemoveThEAdApp) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\knjjpgcapcjffnfoappibijoccmjpoll [2014-05-30]
CHR Extension: (Google Wallet) - C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-30]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2014-05-30]
CHR HKLM-x32\...\Chrome\Extension: [abfmigjiaapipflmopkaaooigcjjdojh] - C:\Program Files (x86)\LyricsContainer\120.crx [2014-05-30]
CHR HKLM-x32\...\Chrome\Extension: [ambalpkabmdjkiegmapflldonihghglk] - C:\Users\Owner\AppData\Roaming\BucksBee Loyalty Plugin - 100884.rs for Chrome\Toolbar_production_100884_5.crx [2012-05-21]
CHR HKLM-x32\...\Chrome\Extension: [bpghhlfbjmmjohhnonhjgpbjdlbnmapf] - C:\Users\Owner\AppData\Local\CRE\bpghhlfbjmmjohhnonhjgpbjdlbnmapf.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [dijnnljbpplhmeegmajinimgaejbfhbn] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha993\ch\WebexpEnhancedV1alpha993.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [ebcplfjkimahcicablidnpnghomiggpi] - C:\Program Files (x86)\OApps\chrome-sl.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [giacfgjdclhnmkacnfbaljbmpnelflol] - C:\Program Files (x86)\iVIDI.org plugin\ividiplg.crx [2012-11-05]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-11-05]
CHR HKLM-x32\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files (x86)\OApps\chromeaddon.crx [2012-11-05]
CHR HKLM-x32\...\Chrome\Extension: [kpdhgpkkloealnjnmepfhanpcleldbef] - C:\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\ividi.crx [2012-11-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mpfapcdfbbledbojijcbcclmlieaoogk] - C:\Users\Owner\AppData\Local\I Want This\Chrome\I Want This.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom16.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Owner\AppData\Local\Temp\YontooLayers.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [pgmfkblbflahhponhjmkcnpjinenhlnc] - C:\Users\Owner\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-05-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DcomLaunch; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118056 2014-06-09] (Elex do Brasil Participações Ltda)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2012-12-11] ()
R2 RpcSs; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
S2 SecurityCenterServer1065396736; C:\Users\Quentin 2\AppData\Roaming\Cufuseda\siynh.exe [280064 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer1096596917; C:\Users\Owner\AppData\Roaming\Hurupei\amnor.exe [321024 2014-01-19] (Global Trade) [File not signed]
R2 SecurityCenterServer1111580089; C:\Users\Owner\AppData\Roaming\Xoehto\mihegaf.exe [317952 2012-02-11] (Global Trade) [File not signed]
R2 SecurityCenterServer1116726850; C:\Users\Owner\AppData\Roaming\Ymhaca\woovepu.exe [284160 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer1363418141; C:\Users\Quentin 2\AppData\Roaming\Toxyca\usdia.exe [321024 2014-05-31] (Global Trade) [File not signed]
R2 SecurityCenterServer1371265576; C:\Users\TeeSupport\AppData\Roaming\Ottyuhr\odxiigt.exe [280064 2014-05-29] (Virtual Group) [File not signed]
R2 SecurityCenterServer1408155373; C:\Users\TeeSupport\AppData\Roaming\Izduaniv\yzcoca.exe [284160 2013-09-30] (Virtual Group) [File not signed]
R2 SecurityCenterServer1431051120; C:\Users\Owner\AppData\Roaming\Myuzza\worah.exe [321024 2013-03-19] (Global Trade) [File not signed]
R2 SecurityCenterServer1435531148; C:\Users\TeeSupport\AppData\Roaming\Erofwyoc\akqupec.exe [321024 2013-11-21] (Global Trade) [File not signed]
R2 SecurityCenterServer1978031584; C:\Users\TeeSupport\AppData\Roaming\Foleaxop\fyylr.exe [283136 2014-04-14] (Virtual Group) [File not signed]
R2 SecurityCenterServer2003871214; C:\Users\Owner\AppData\Roaming\Viogbe\urubaxd.exe [317952 2011-10-27] (Global Trade) [File not signed]
R2 SecurityCenterServer2092415349; C:\Users\Quentin 2\AppData\Roaming\Ovorsow\cibead.exe [280064 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer2173672188; C:\Users\Quentin 2\AppData\Roaming\Inkonaxy\ywtyer.exe [317952 2014-05-30] (Global Trade) [File not signed]
R2 SecurityCenterServer2192498991; C:\Users\Quentin 2\AppData\Roaming\Espaku\arubwi.exe [283136 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer22934426; C:\Users\Quentin 2\AppData\Roaming\Kuoqdueb\yhcub.exe [284160 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer2379301644; C:\Users\Quentin 2\AppData\Roaming\Amatim\qysyc.exe [280064 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer242100489; C:\Users\TeeSupport\AppData\Roaming\Ifzaaq\ufcao.exe [321024 2014-05-09] (Global Trade) [File not signed]
R2 SecurityCenterServer2538863618; C:\Users\Owner\AppData\Roaming\Dosaxuuq\caevo.exe [280064 2013-07-14] (Virtual Group) [File not signed]
R2 SecurityCenterServer2702152337; C:\Users\Owner\AppData\Roaming\Ilohyh\gyqafiu.exe [280064 2012-10-30] (Virtual Group) [File not signed]
R2 SecurityCenterServer2760858941; C:\Users\Owner\AppData\Roaming\Abepfom\elymat.exe [321024 2014-03-15] (Global Trade) [File not signed]
R2 SecurityCenterServer2793877117; C:\Users\Quentin 2\AppData\Roaming\Ladyqi\weequwt.exe [321024 2014-06-01] (Global Trade) [File not signed]
R2 SecurityCenterServer301616179; C:\Users\Owner\AppData\Roaming\Obnodofu\byatala.exe [283136 2014-03-03] (Virtual Group) [File not signed]
R2 SecurityCenterServer3077791864; C:\Users\Quentin 2\AppData\Roaming\Geguupqe\ywpode.exe [317952 2014-05-29] (Global Trade) [File not signed]
R2 SecurityCenterServer3180805863; C:\Users\Quentin 2\AppData\Roaming\Buohdoe\yxudp.exe [280064 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer3252293967; C:\Users\Owner\AppData\Roaming\Elmiurov\ihuttul.exe [284160 2013-11-27] (Virtual Group) [File not signed]
R2 SecurityCenterServer3462081622; C:\Users\TeeSupport\AppData\Roaming\Owsype\uperyde.exe [280064 2013-10-04] (Virtual Group) [File not signed]
R2 SecurityCenterServer3528719669; C:\Users\TeeSupport\AppData\Roaming\Iwrura\zoilhu.exe [280064 2013-12-13] (Virtual Group) [File not signed]
R2 SecurityCenterServer3543847863; C:\Users\Owner\AppData\Roaming\Gelyer\elaxpa.exe [317952 2013-09-12] (Global Trade) [File not signed]
R2 SecurityCenterServer3544098129; C:\Users\Owner\AppData\Roaming\Nyvielyn\zewoo.exe [283136 2013-04-18] (Virtual Group) [File not signed]
R2 SecurityCenterServer3734159299; C:\Users\TeeSupport\AppData\Roaming\Soypeku\uksyuz.exe [280064 2014-02-14] (Virtual Group) [File not signed]
R2 SecurityCenterServer3757644616; C:\Users\Owner\AppData\Roaming\Ufufqula\tauge.exe [321024 2013-12-29] (Global Trade) [File not signed]
R2 SecurityCenterServer3796625987; C:\Users\Owner\AppData\Roaming\Efkuylri\okwaec.exe [280064 2012-11-20] (Virtual Group) [File not signed]
R2 SecurityCenterServer4003898796; C:\Users\Quentin 2\AppData\Roaming\Loxumoas\eqhyen.exe [283136 2014-06-02] (Virtual Group) [File not signed]
R2 SecurityCenterServer404366012; C:\Users\Owner\AppData\Roaming\Wixowilu\amteug.exe [280064 2013-09-13] (Virtual Group) [File not signed]
R2 SecurityCenterServer4131731185; C:\Users\TeeSupport\AppData\Roaming\Icteuly\xeizr.exe [284160 2014-04-25] (Virtual Group) [File not signed]
R2 SecurityCenterServer4154267427; C:\Users\Quentin 2\AppData\Roaming\Ihvutyid\ygygi.exe [284160 2014-06-02] (Virtual Group) [File not signed]
S2 SecurityCenterServer551776949; C:\Users\TeeSupport\AppData\Roaming\Akitevti\ryaqo.exe [283136 2013-11-19] (Virtual Group) [File not signed]
R2 SecurityCenterServer708602951; C:\Users\TeeSupport\AppData\Roaming\Umizpo\qyage.exe [317952 2014-03-21] (Global Trade) [File not signed]
R2 SecurityCenterServer709194078; C:\Users\TeeSupport\AppData\Roaming\Ipehyg\ermafyy.exe [317952 2013-09-14] (Global Trade) [File not signed]
S3 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
R2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe [3997912 2011-10-19] (Webroot Software, Inc. (www.webroot.com))
R3 WRConsumerService; C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [3386840 2011-12-10] (Webroot Software, Inc. )
S2 8ffb8f2d; "C:\windows\system32\rundll32.exe" "c:\progra~3\winsys~1\WinsysfilterSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2013-08-28] ()
R3 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [232960 2014-06-09] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [66048 2014-06-09] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48640 2014-06-09] (Elex do Brasil Participações Ltda)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 ssfmonm; C:\Windows\System32\DRIVERS\ssfmonm.sys [56408 2011-05-18] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [136224 2011-05-18] (Webroot Software, Inc. (www.webroot.com))
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 iSafeKrnlBoot; \??\system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 X6va005; \??\C:\Users\Owner\AppData\Local\Temp\0056C0C.tmp [X]
S3 X6va006; \??\C:\Users\Owner\AppData\Local\Temp\006363C.tmp [X]
S3 X6va008; \??\C:\windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\windows\SysWOW64\Drivers\X6va015 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 17:25 - 2014-08-12 17:25 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\G001
2014-08-12 17:15 - 2014-08-12 17:29 - 00057841 _____ () C:\Users\TeeSupport\Downloads\FRST.txt
2014-08-12 17:09 - 2014-08-12 17:09 - 02099712 _____ (Farbar) C:\Users\TeeSupport\Desktop\FRST64.exe
2014-08-12 17:09 - 2014-08-12 17:09 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\Macromedia
2014-08-12 17:09 - 2014-08-12 17:09 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\Macromedia
2014-08-12 17:07 - 2014-08-12 17:07 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\Mozilla
2014-08-11 19:07 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\G001
2014-08-11 17:55 - 2014-08-11 17:55 - 00632201 _____ () C:\Users\TeeSupport\Downloads\install.exe
2014-08-11 16:01 - 2014-08-12 17:07 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\Mozilla
2014-08-11 16:01 - 2014-08-11 16:01 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\G001
2014-08-11 15:48 - 2014-08-12 17:31 - 00054272 _____ () C:\windows\system32\mkmqft.tcg
2014-07-28 12:51 - 2014-07-28 12:51 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\eCyber

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 17:31 - 2014-08-11 15:48 - 00054272 _____ () C:\windows\system32\mkmqft.tcg
2014-08-12 17:31 - 2014-05-23 20:03 - 00000065 _____ () C:\windows\system32\rtvq.tfw
2014-08-12 17:29 - 2014-08-12 17:15 - 00057841 _____ () C:\Users\TeeSupport\Downloads\FRST.txt
2014-08-12 17:25 - 2014-08-12 17:25 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\G001
2014-08-12 17:17 - 2014-06-06 10:35 - 00000000 ____D () C:\FRST
2014-08-12 17:11 - 2013-12-24 11:12 - 00000444 ____H () C:\windows\Tasks\SK.Enabler-S-1495795506.job
2014-08-12 17:11 - 2011-07-05 22:47 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 17:09 - 2014-08-12 17:09 - 02099712 _____ (Farbar) C:\Users\TeeSupport\Desktop\FRST64.exe
2014-08-12 17:09 - 2014-08-12 17:09 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\Macromedia
2014-08-12 17:09 - 2014-08-12 17:09 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\Macromedia
2014-08-12 17:09 - 2014-05-27 20:03 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 17:07 - 2014-08-12 17:07 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\Mozilla
2014-08-12 17:07 - 2014-08-11 16:01 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\Mozilla
2014-08-12 17:03 - 2009-07-14 01:13 - 00005210 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-12 17:03 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 17:03 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 17:02 - 2014-06-25 08:21 - 00000826 _____ () C:\windows\Tasks\Security Center Update - 708602951.job
2014-08-12 17:02 - 2014-06-25 08:16 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 709194078.job
2014-08-12 17:02 - 2014-06-08 20:38 - 00000800 _____ () C:\windows\Tasks\Security Center Update - 2003871214.job
2014-08-12 17:02 - 2014-06-08 20:38 - 00000796 _____ () C:\windows\Tasks\Security Center Update - 1431051120.job
2014-08-12 17:02 - 2014-06-08 20:34 - 00000802 _____ () C:\windows\Tasks\Security Center Update - 2760858941.job
2014-08-12 17:02 - 2014-06-08 20:34 - 00000800 _____ () C:\windows\Tasks\Security Center Update - 1111580089.job
2014-08-12 17:02 - 2014-06-05 20:02 - 00000800 _____ () C:\windows\Tasks\Security Center Update - 1096596917.job
2014-08-12 17:02 - 2014-06-04 20:54 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 3077791864.job
2014-08-12 17:02 - 2014-06-04 20:53 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 2173672188.job
2014-08-12 17:02 - 2014-06-04 19:27 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 317955923.job
2014-08-12 17:02 - 2014-06-04 19:27 - 00000824 _____ () C:\windows\Tasks\Security Center Update - 2401480587.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 62774847.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 1551334121.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000828 _____ () C:\windows\Tasks\Security Center Update - 3997903547.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000828 _____ () C:\windows\Tasks\Security Center Update - 1392327789.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000824 _____ () C:\windows\Tasks\Security Center Update - 4072912339.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000824 _____ () C:\windows\Tasks\Security Center Update - 3272480754.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000820 _____ () C:\windows\Tasks\Security Center Update - 1823406108.job
2014-08-12 17:02 - 2014-06-04 19:22 - 00000820 _____ () C:\windows\Tasks\Security Center Update - 1276178792.job
2014-08-12 17:02 - 2014-06-04 19:21 - 00000832 _____ () C:\windows\Tasks\Security Center Update - 273463002.job
2014-08-12 17:02 - 2014-06-04 19:21 - 00000824 _____ () C:\windows\Tasks\Security Center Update - 446078145.job
2014-08-12 17:02 - 2014-06-04 18:32 - 00000838 _____ () C:\windows\Tasks\Security Center Update - 1435531148.job
2014-08-12 17:02 - 2014-06-04 18:32 - 00000834 _____ () C:\windows\Tasks\Security Center Update - 1978031584.job
2014-08-12 17:02 - 2014-06-04 18:32 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 4131731185.job
2014-08-12 17:02 - 2014-06-04 18:27 - 00000836 _____ () C:\windows\Tasks\Security Center Update - 1408155373.job
2014-08-12 17:02 - 2014-06-04 18:27 - 00000834 _____ () C:\windows\Tasks\Security Center Update - 551776949.job
2014-08-12 17:02 - 2014-06-04 18:27 - 00000826 _____ () C:\windows\Tasks\Security Center Update - 242100489.job
2014-08-12 17:02 - 2014-06-03 20:38 - 00000820 _____ () C:\windows\Tasks\Security Center Update - 1363418141.job
2014-08-12 17:02 - 2014-06-03 20:37 - 00000824 _____ () C:\windows\Tasks\Security Center Update - 2793877117.job
2014-08-12 17:02 - 2014-06-02 19:06 - 00000822 _____ () C:\windows\Tasks\Security Center Update - 2192498991.job
2014-08-12 17:02 - 2014-06-02 19:03 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 4003898796.job
2014-08-12 17:02 - 2014-06-01 20:22 - 00000808 _____ () C:\windows\Tasks\Security Center Update - 301616179.job
2014-08-12 17:02 - 2014-06-01 20:20 - 00000804 _____ () C:\windows\Tasks\Security Center Update - 3544098129.job
2014-08-12 17:02 - 2014-05-31 21:48 - 00000828 _____ () C:\windows\Tasks\Security Center Update - 4154267427.job
2014-08-12 17:02 - 2014-05-31 21:45 - 00000828 _____ () C:\windows\Tasks\Security Center Update - 22934426.job
2014-08-12 17:02 - 2014-05-31 19:56 - 00000808 _____ () C:\windows\Tasks\Security Center Update - 3252293967.job
2014-08-12 17:02 - 2014-05-31 19:09 - 00000800 _____ () C:\windows\Tasks\Security Center Update - 1116726850.job
2014-08-12 17:02 - 2014-05-30 23:09 - 00000830 _____ () C:\windows\Tasks\Security Center Update - 3462081622.job
2014-08-12 17:02 - 2014-05-30 23:08 - 00000834 _____ () C:\windows\Tasks\Security Center Update - 1371265576.job
2014-08-12 17:02 - 2014-05-30 23:08 - 00000828 _____ () C:\windows\Tasks\Security Center Update - 3528719669.job
2014-08-12 17:02 - 2014-05-30 23:07 - 00000832 _____ () C:\windows\Tasks\Security Center Update - 3734159299.job
2014-08-12 17:02 - 2014-05-28 20:38 - 00006608 _____ () C:\windows\setupact.log
2014-08-12 17:02 - 2014-05-28 20:31 - 00000828 _____ () C:\windows\Tasks\Security Center Update - 1065396736.job
2014-08-12 17:02 - 2014-05-28 20:31 - 00000826 _____ () C:\windows\Tasks\Security Center Update - 2092415349.job
2014-08-12 17:02 - 2014-05-28 20:30 - 00000824 _____ () C:\windows\Tasks\Security Center Update - 3180805863.job
2014-08-12 17:02 - 2014-05-28 20:30 - 00000820 _____ () C:\windows\Tasks\Security Center Update - 2379301644.job
2014-08-12 17:02 - 2014-05-28 19:51 - 00000800 _____ () C:\windows\Tasks\Security Center Update - 2702152337.job
2014-08-12 17:02 - 2014-05-28 19:50 - 00000806 _____ () C:\windows\Tasks\Security Center Update - 3796625987.job
2014-08-12 17:02 - 2014-05-27 19:09 - 00000806 _____ () C:\windows\Tasks\Security Center Update - 404366012.job
2014-08-12 17:02 - 2014-05-27 19:06 - 00000804 _____ () C:\windows\Tasks\Security Center Update - 2538863618.job
2014-08-12 17:02 - 2011-07-05 22:47 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 19:16 - 2014-05-23 20:15 - 00000080 _____ () C:\windows\system32\ibko.lft
2014-08-11 19:11 - 2014-01-02 22:14 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-08-11 19:07 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\G001
2014-08-11 19:03 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-11 17:55 - 2014-08-11 17:55 - 00632201 _____ () C:\Users\TeeSupport\Downloads\install.exe
2014-08-11 17:53 - 2013-08-28 20:40 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\CrashDumps
2014-08-11 16:18 - 2014-04-28 21:56 - 00000000 ___RD () C:\Users\Owner\Google Drive
2014-08-11 16:12 - 2014-05-27 20:03 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-11 16:11 - 2012-04-16 07:44 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-11 16:11 - 2011-12-30 12:39 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-11 16:01 - 2014-08-11 16:01 - 00000000 ____D () C:\Users\TeeSupport\AppData\Local\G001
2014-08-11 13:56 - 2009-07-14 01:08 - 00032546 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-11 13:42 - 2012-12-11 14:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-28 13:09 - 2014-05-30 23:07 - 00000000 ____D () C:\Users\TeeSupport\AppData\Roaming\isafe
2014-07-28 13:05 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-07-28 12:53 - 2014-05-04 17:22 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\isafe
2014-07-28 12:51 - 2014-07-28 12:51 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\eCyber
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\ProgramData\AjguVwok.dat
C:\ProgramData\ArurXuqta.dat
C:\ProgramData\AsebHezv.dat
C:\ProgramData\EfciPgadi.dat
C:\ProgramData\EmokRenb.dat
C:\ProgramData\ExkaTijun.dat
C:\ProgramData\ExubNosul.dat
C:\ProgramData\IcevIrof.dat
C:\ProgramData\OrjaTipg.dat
C:\ProgramData\OvgirHavdu.dat
C:\Users\Guest\befukocsejyr.exe
C:\Users\Guest\AppData\Roaming\cache.ini
C:\Users\Owner\porluibacpap.exe
C:\Users\Owner\AppData\Roaming\cache.ini
C:\Users\Public\AutoUpdate.exe
C:\Users\Quentin 2\befukocsejyr.exe
C:\Users\Quentin 2\cihuqcyrilwy.exe
C:\Users\Quentin 2\porluibacpap.exe
C:\Users\Quentin 3\befukocsejyr.exe
C:\Users\TeeSupport\porluibacpap.exe


Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\gm7gegh7.dll
C:\Users\Owner\AppData\Local\Temp\427F.exe
C:\Users\Owner\AppData\Local\Temp\9D86.exe
C:\Users\Owner\AppData\Local\Temp\appinstal1.exe
C:\Users\Owner\AppData\Local\Temp\applinstall.exe
C:\Users\Owner\AppData\Local\Temp\Better-Surf.exe
C:\Users\Owner\AppData\Local\Temp\BetterSurf.exe
C:\Users\Owner\AppData\Local\Temp\BetterSurfPlusInstaller.exe
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_h4fsn.dll
C:\Users\Owner\AppData\Local\Temp\F1CD.exe
C:\Users\Owner\AppData\Local\Temp\installerdll17229936.dll
C:\Users\Owner\AppData\Local\Temp\installerdll17250403.dll
C:\Users\Owner\AppData\Local\Temp\notepad.exe
C:\Users\Owner\AppData\Local\Temp\nse1825.exe
C:\Users\Owner\AppData\Local\Temp\nso44E2.exe
C:\Users\Owner\AppData\Local\Temp\nso6676.exe
C:\Users\Owner\AppData\Local\Temp\nsoFEB.exe
C:\Users\Owner\AppData\Local\Temp\pb6chs_p.dll
C:\Users\Owner\AppData\Local\Temp\rootsupd.exe
C:\Users\Owner\AppData\Local\Temp\set-app.exe
C:\Users\Owner\AppData\Local\Temp\setapp.exe
C:\Users\Owner\AppData\Local\Temp\Setup-a.exe
C:\Users\Owner\AppData\Local\Temp\setup.exe
C:\Users\Owner\AppData\Local\Temp\Setup1.exe
C:\Users\Owner\AppData\Local\Temp\Setup2.exe
C:\Users\Owner\AppData\Local\Temp\setup__4610.exe
C:\Users\Owner\AppData\Local\Temp\SHSetup.exe
C:\Users\Owner\AppData\Local\Temp\SPSetup.exe
C:\Users\Owner\AppData\Local\Temp\SPStub.exe
C:\Users\Owner\AppData\Local\Temp\tbWhit.dll
C:\Users\Owner\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Owner\AppData\Local\Temp\uninst1.exe
C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Owner\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Owner\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Owner\AppData\Local\Temp\{E1331122-9583-4B09-ABA4-E81D4AADCB74}.exe
C:\Users\TeeSupport\AppData\Local\Temp\InstallAsk.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0520192 ____A (Microsoft Corporation) 1FB31A36E13B295C14AD614A71DA684E

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2014-08-11 14:27

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team

Posted 12 August 2014 - 06:11 PM

Hi,

this is quite an impressive malware collection on your computer.
Would you consider formatting the hard drive and reinstalling the operating system? Or shall we try to clean the system? The multiple user accounts aren't a problem.

You've posted the contents of FRST.txt twice, but the Addition.txt is missing. Can you please also post the contents of Addition.txt? (If you don't find the log anymore, repeat the FRST scan and make sure that the option "Addition.txt" is checked.)

#5 quentin109

  • Topic Starter

  • Members

Posted 12 August 2014 - 06:47 PM

Thanks for answering my question. I think we should try to clean the system, but if you think formatting and reinstalling the OS would be the better option then PLEASE LET ME KNOW. :( Also, my fault on posting the FRST logs twice; I have the Addition log here now after re-running the scan:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2014
Ran by TeeSupport at 2014-08-12 19:34:10
Running from C:\Users\TeeSupport\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot AntiVirus with Spy Sweeper (Disabled - Up to date) {53211D91-0C31-95F2-E3A5-7661FB22889E}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot AntiVirus with Spy Sweeper (Disabled - Up to date) {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.5) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.5 - Adobe Systems Incorporated)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arctic Combat (HKLM-x32\...\Steam App 212370) (Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BucksBee Loyalty Plugin - 100884.rs for Chrome (HKLM-x32\...\BucksBee Loyalty Plugin - 100884.rs for Chrome) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0216.726.13233 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0216.726.13233 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0216.726.13233 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help English (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help French (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help German (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0216.726.13233 - ATI) Hidden
ccc-utility64 (Version: 2011.0216.726.13233 - ATI) Hidden
Combat Arms (HKLM-x32\...\Steam App 212180) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Daniusoft Video Converter(Build 3.1.1.0) (HKLM-x32\...\Daniusoft Video Converter_is1) (Version:  - Daniusoft Software)
Driver Detective (HKLM-x32\...\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}) (Version: 8.1 - PC Drivers HeadQuarters)
Dungeon Fighter Online (HKLM-x32\...\Steam App 212220) (Version:  - )
Easy Media Player 1.1.12 (HKLM-x32\...\Easy Media Player) (Version: 1.1.12 - Easy Media Player)
ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Drive (HKLM-x32\...\{84B981C8-D6E4-473F-8062-63F14F44183E}) (Version: 1.15.6464.228 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.7.205 - SurfRight B.V.)
iFunbox (v1.96.938.649), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v1.96.938.649 - )
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
MicroVolts (HKLM-x32\...\Steam App 109400) (Version:  - )
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.3001 - ooVoo LLC.)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpyHunter (HKLM\...\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}) (Version: 2.2.6775 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.16.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.45 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.22.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.22.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.22.64 - TOSHIBA Corporation) Hidden
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Webroot Software (HKLM-x32\...\Webroot Software) (Version: 7.0.6.38 - Webroot Software, Inc.)
Webroot Software (x32 Version: 7.0.6.38 - Webroot Software, Inc.) Hidden
Win sys filter (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{8ffb8f2d}) (Version:  - Linker Ltd) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
YAC (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-856383927-2722781114-901137784-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-856383927-2722781114-901137784-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-856383927-2722781114-901137784-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-856383927-2722781114-901137784-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-856383927-2722781114-901137784-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-856383927-2722781114-901137784-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> \\?\globalroot\Device\HarddiskVolume2\Users\Owner\AppData\Roaming\sqxcytu\sjqnfbs\wow.dll ()
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-06-04 19:25 - 00001675 _RASH C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
94.242.222.115 www.google-analytics.com.
94.242.222.115 google-analytics.com.
94.242.222.115 connect.facebook.net.
94.242.222.115 bing.com.
94.242.222.115 www.bing.com.
94.242.222.115 gb.bing.com.
94.242.222.115 au.bing.com.
94.242.222.115 ca.bing.com.
79.142.66.242 www.google-analytics.com.
79.142.66.242 google-analytics.com.
79.142.66.242 connect.facebook.net.
79.142.66.242 bing.com.
79.142.66.242 www.bing.com.
79.142.66.242 gb.bing.com.
79.142.66.242 au.bing.com.
79.142.66.242 ca.bing.com.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09E27188-6C5A-47D6-AC34-AACC6260E92A} - System32\Tasks\Security Center Update - 709194078 => C:\Users\TeeSupport\AppData\Roaming\Ipehyg\ermafyy.exe [2013-09-14] (Global Trade)
Task: {0E73B0AA-91C6-482F-BA23-0E1277347646} - System32\Tasks\Security Center Update - 273463002 => C:\Users\Quentin 3\AppData\Roaming\Hyypogpa\xeqoqaz.exe [2014-06-04] (Global Trade)
Task: {11840B8A-6A7C-4D7B-B0B9-601016CF64DD} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2014-05-07] (PC Drivers Headquarters)
Task: {19F063D2-6758-4E9F-BDD4-916A1D4A191B} - System32\Tasks\Security Center Update - 1363418141 => C:\Users\Quentin 2\AppData\Roaming\Toxyca\usdia.exe [2014-05-31] (Global Trade)
Task: {1D7238B7-A32B-470E-9F40-686F5E602380} - System32\Tasks\Security Center Update - 4072912339 => C:\Users\Quentin 3\AppData\Roaming\Wusuafo\alsey.exe [2014-06-04] (Virtual Group)
Task: {1E581D2D-CAC8-428C-B751-FCF4BEDF7F05} - System32\Tasks\Security Center Update - 2379301644 => C:\Users\Quentin 2\AppData\Roaming\Amatim\qysyc.exe [2014-06-02] (Virtual Group)
Task: {1FE2E9D0-04BB-45F7-90AE-674006142C45} - System32\Tasks\Security Center Update - 2760858941 => C:\Users\Owner\AppData\Roaming\Abepfom\elymat.exe [2014-03-15] (Global Trade)
Task: {23DE0ED2-2FE8-4C2B-928B-B0972F8AF9F1} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] ()
Task: {26369A49-CBF1-4A74-935E-86C62321E08B} - System32\Tasks\Security Center Update - 2003871214 => C:\Users\Owner\AppData\Roaming\Viogbe\urubaxd.exe [2011-10-27] (Global Trade)
Task: {2756B34B-C390-48F5-8ADC-607A088677B4} - System32\Tasks\Security Center Update - 1435531148 => C:\Users\TeeSupport\AppData\Roaming\Erofwyoc\akqupec.exe [2013-11-21] (Global Trade)
Task: {3B2CD548-A36A-4690-B4A3-8BDAB1245418} - System32\Tasks\Security Center Update - 3077791864 => C:\Users\Quentin 2\AppData\Roaming\Geguupqe\ywpode.exe [2014-05-29] (Global Trade)
Task: {43636ADC-EE87-4647-AE09-EE3811B72EF2} - System32\Tasks\Security Center Update - 1823406108 => C:\Users\Quentin 3\AppData\Roaming\Agekhu\itzuy.exe [2014-06-04] (Virtual Group)
Task: {49203AB3-6EA2-4018-94A5-79220C23F597} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2014-05-07] (PC Drivers Headquarters)
Task: {4924A6CC-E9B8-4159-8556-D9E70C64B2AF} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2014-05-07] (PC Drivers Headquarters)
Task: {492A7867-19BB-44DE-9DED-10F1532DBEC0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-11] (Adobe Systems Incorporated)
Task: {4A633F4A-E909-4B45-A67B-5EAB4C18C4EB} - System32\Tasks\Security Center Update - 1116726850 => C:\Users\Owner\AppData\Roaming\Ymhaca\woovepu.exe [2014-06-02] (Virtual Group)
Task: {4BDEA0A8-A266-4294-9814-00572D3565CE} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {4D5EB55C-6F5A-4C92-B790-3BE04E60FD76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-05] (Google Inc.)
Task: {4DC41EDB-CE21-49C5-A7CC-04983DC906B2} - System32\Tasks\SK.Enabler-S-1495795506 => c:\programdata\quickset\sk.enabler\SK.Enabler.exe <==== ATTENTION
Task: {4EF3BD97-86C7-44B8-8FA2-024E5B61F93C} - System32\Tasks\Security Center Update - 1551334121 => C:\Users\Quentin 3\AppData\Roaming\Otycinbo\umowuq.exe [2014-06-04] (Virtual Group)
Task: {5131271D-5535-4184-AAD3-28CEB39C9965} - System32\Tasks\Security Center Update - 1431051120 => C:\Users\Owner\AppData\Roaming\Myuzza\worah.exe [2013-03-19] (Global Trade)
Task: {53C4DCDC-9CEC-4584-BC3F-63A0D63BD540} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {556CC9EC-7625-4968-8211-1A1BCED2CA42} - System32\Tasks\Security Center Update - 3528719669 => C:\Users\TeeSupport\AppData\Roaming\Iwrura\zoilhu.exe [2013-12-13] (Virtual Group)
Task: {561B86FB-F9E4-4EBF-A156-D216D6366E25} - System32\Tasks\Security Center Update - 1371265576 => C:\Users\TeeSupport\AppData\Roaming\Ottyuhr\odxiigt.exe [2014-05-29] (Virtual Group)
Task: {5A568160-66BB-4566-91B6-3A333E40972C} - System32\Tasks\Security Center Update - 242100489 => C:\Users\TeeSupport\AppData\Roaming\Ifzaaq\ufcao.exe [2014-05-09] (Global Trade)
Task: {5A601C0D-47FF-44A6-B408-7AF1DAE3F21F} - System32\Tasks\Security Center Update - 3252293967 => C:\Users\Owner\AppData\Roaming\Elmiurov\ihuttul.exe [2013-11-27] (Virtual Group)
Task: {5E6BEE0B-2960-4131-ACE3-9EFE487AB4EA} - System32\Tasks\Security Center Update - 2401480587 => C:\Users\Quentin 3\AppData\Roaming\Urwaitk\wayge.exe [2014-06-04] (Global Trade)
Task: {6479F353-5414-409E-B0CC-2DF76816DBD0} - System32\Tasks\Security Center Update - 1392327789 => C:\Users\Quentin 3\AppData\Roaming\Tegafafy\syiry.exe [2014-06-04] (Global Trade)
Task: {6A926449-0ADE-4FC4-9D68-FAA8F9AC3EB0} - System32\Tasks\Security Center Update - 3997903547 => C:\Users\Quentin 3\AppData\Roaming\Nixivum\cywaygw.exe [2014-06-04] (Virtual Group)
Task: {74C083F3-F581-4BF0-B6C1-551027972CFA} - System32\Tasks\Security Center Update - 4154267427 => C:\Users\Quentin 2\AppData\Roaming\Ihvutyid\ygygi.exe [2014-06-02] (Virtual Group)
Task: {75EB1B3A-FC98-432F-A526-60D591BFF1F0} - System32\Tasks\Security Center Update - 708602951 => C:\Users\TeeSupport\AppData\Roaming\Umizpo\qyage.exe [2014-03-21] (Global Trade)
Task: {87F625A2-8CE3-4E19-9CE8-33C7AC19FF47} - System32\Tasks\Security Center Update - 1978031584 => C:\Users\TeeSupport\AppData\Roaming\Foleaxop\fyylr.exe [2014-04-14] (Virtual Group)
Task: {8D94C91F-5634-4FEC-BE0B-E17BDEA7035C} - System32\Tasks\Security Center Update - 3462081622 => C:\Users\TeeSupport\AppData\Roaming\Owsype\uperyde.exe [2013-10-04] (Virtual Group)
Task: {909749CB-F9B7-4BD5-BF30-7F646F2972A7} - System32\Tasks\Security Center Update - 1276178792 => C:\Users\Quentin 3\AppData\Roaming\Irabag\odozi.exe [2014-06-04] (Virtual Group)
Task: {90EAD6B9-4C6F-4876-BAB5-2BD47E2967FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-05] (Google Inc.)
Task: {93976599-C006-4E82-A2A3-FFD3209FBBCE} - System32\Tasks\Security Center Update - 3543847863 => C:\Users\Owner\AppData\Roaming\Gelyer\elaxpa.exe [2013-09-12] (Global Trade)
Task: {94B72E77-084A-42E3-BDE9-8D661BC1158B} - \BrowserDefendert No Task File <==== ATTENTION
Task: {94C01A72-7B1E-4472-A505-32D4B4BC70AB} - System32\Tasks\Security Center Update - 3272480754 => C:\Users\Quentin 3\AppData\Roaming\Ydbouti\miows.exe [2014-06-04] (Virtual Group)
Task: {980D9178-DD0C-41A0-B13B-A54E4292ED39} - System32\Tasks\Security Center Update - 22934426 => C:\Users\Quentin 2\AppData\Roaming\Kuoqdueb\yhcub.exe [2014-06-02] (Virtual Group)
Task: {99C80F2E-E2F5-424B-82E6-C527A4542F32} - System32\Tasks\Security Center Update - 301616179 => C:\Users\Owner\AppData\Roaming\Obnodofu\byatala.exe [2014-03-03] (Virtual Group)
Task: {9A36AD46-9508-4DF7-8F58-747DACEE88B8} - System32\Tasks\{FA7D8BEF-0209-4195-9309-CE532C021DC3} => Chrome.exe http://ui.skype.com/ui/0/6.3.59.107/en/abandoninstall?page=tsProgressBar
Task: {9B81C7CF-3C5E-466B-A7F8-C2937FB05600} - System32\Tasks\Security Center Update - 1096596917 => C:\Users\Owner\AppData\Roaming\Hurupei\amnor.exe [2014-01-19] (Global Trade)
Task: {A11262FA-66EA-4336-BED6-E248CDDBD05D} - System32\Tasks\Security Center Update - 2793877117 => C:\Users\Quentin 2\AppData\Roaming\Ladyqi\weequwt.exe [2014-06-01] (Global Trade)
Task: {A3CCBFDD-9FB5-41B4-8404-A7C5852DBE99} - System32\Tasks\Security Center Update - 4003898796 => C:\Users\Quentin 2\AppData\Roaming\Loxumoas\eqhyen.exe [2014-06-02] (Virtual Group)
Task: {A4481A60-E3CE-4EEA-A379-E21C18EFE4C9} - System32\Tasks\Security Center Update - 2192498991 => C:\Users\Quentin 2\AppData\Roaming\Espaku\arubwi.exe [2014-06-02] (Virtual Group)
Task: {A4A81916-5523-42C6-B2BE-F90CD6B38022} - System32\Tasks\Security Center Update - 4131731185 => C:\Users\TeeSupport\AppData\Roaming\Icteuly\xeizr.exe [2014-04-25] (Virtual Group)
Task: {A78A8810-41FC-4FEA-8518-DA020F99A7A4} - System32\Tasks\Security Center Update - 2702152337 => C:\Users\Owner\AppData\Roaming\Ilohyh\gyqafiu.exe [2012-10-30] (Virtual Group)
Task: {A856440B-DB24-497B-B7EB-CCEE9D5D517F} - System32\Tasks\Security Center Update - 3544098129 => C:\Users\Owner\AppData\Roaming\Nyvielyn\zewoo.exe [2013-04-18] (Virtual Group)
Task: {B05F490B-4258-4228-A6E6-1D0410026047} - System32\Tasks\Security Center Update - 317955923 => C:\Users\Quentin 3\AppData\Roaming\Yvgytiyv\mecuiq.exe [2014-06-04] (Global Trade)
Task: {B2BAF2BC-0ACF-4BE6-B491-3F45632E80B7} - System32\Tasks\Security Center Update - 2173672188 => C:\Users\Quentin 2\AppData\Roaming\Inkonaxy\ywtyer.exe [2014-05-30] (Global Trade)
Task: {B4AACA71-F2B6-411E-B88B-237348394DCB} - System32\Tasks\Security Center Update - 2538863618 => C:\Users\Owner\AppData\Roaming\Dosaxuuq\caevo.exe [2013-07-14] (Virtual Group)
Task: {B88D2145-332F-4D59-9F5E-BD590A09FB3B} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {BFAA9730-AABC-47BA-AF2B-E4CF55B926F9} - System32\Tasks\Security Center Update - 2092415349 => C:\Users\Quentin 2\AppData\Roaming\Ovorsow\cibead.exe [2014-06-02] (Virtual Group)
Task: {C030C3F6-216C-4282-95C0-96133B9852B0} - System32\Tasks\Driver Detective-RTMScanRunOnce => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2014-05-07] (PC Drivers Headquarters)
Task: {C2BEC3F2-29B6-438B-9287-C91EFF05FEC3} - System32\Tasks\Security Center Update - 446078145 => C:\Users\Quentin 3\AppData\Roaming\Miifhic\xexuw.exe [2014-06-04] (Virtual Group)
Task: {C73008DA-5AD7-4116-B074-F8D3A6BA7928} - System32\Tasks\Security Center Update - 404366012 => C:\Users\Owner\AppData\Roaming\Wixowilu\amteug.exe [2013-09-13] (Virtual Group)
Task: {E02F0D7F-4CC5-47E4-B64E-07EF1433F110} - System32\Tasks\Security Center Update - 1065396736 => C:\Users\Quentin 2\AppData\Roaming\Cufuseda\siynh.exe [2014-06-02] (Virtual Group)
Task: {E0538D1C-7E96-460C-8B9A-2C0F0522840D} - System32\Tasks\Security Center Update - 3180805863 => C:\Users\Quentin 2\AppData\Roaming\Buohdoe\yxudp.exe [2014-06-02] (Virtual Group)
Task: {E3B23794-8DC8-405A-826E-80FD3D07C109} - System32\Tasks\Security Center Update - 1408155373 => C:\Users\TeeSupport\AppData\Roaming\Izduaniv\yzcoca.exe [2013-09-30] (Virtual Group)
Task: {E7F4A9D7-A4C8-4CA7-8FF0-C0BCBC75F47F} - System32\Tasks\Security Center Update - 3796625987 => C:\Users\Owner\AppData\Roaming\Efkuylri\okwaec.exe [2012-11-20] (Virtual Group)
Task: {E865ED71-7B9B-4445-B01F-BFED309A5B64} - System32\Tasks\Security Center Update - 1111580089 => C:\Users\Owner\AppData\Roaming\Xoehto\mihegaf.exe [2012-02-11] (Global Trade)
Task: {EE6941A0-80AC-45D8-B03D-4E5D9F4C1DBE} - System32\Tasks\{0C43BCFB-27B6-40CF-A164-975D7E374468} => Chrome.exe http://ui.skype.com/ui/0/6.0.59.126/en/abandoninstall?page=tsProgressBar
Task: {F06A3A34-BB7F-4CF7-A283-853D5191A481} - System32\Tasks\Security Center Update - 3734159299 => C:\Users\TeeSupport\AppData\Roaming\Soypeku\uksyuz.exe [2014-02-14] (Virtual Group)
Task: {F31E9818-A712-43D8-AFDB-657287F50805} - System32\Tasks\Security Center Update - 551776949 => C:\Users\TeeSupport\AppData\Roaming\Akitevti\ryaqo.exe [2013-11-19] (Virtual Group)
Task: {F9E17A00-0D4B-4399-B611-C6145283639B} - System32\Tasks\Security Center Update - 62774847 => C:\Users\Quentin 3\AppData\Roaming\Abirubob\ihwipi.exe [2014-06-04] (Virtual Group)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Security Center Update - 1065396736.job => C:\Users\Quentin 2\AppData\Roaming\Cufuseda\siynh.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 1096596917.job => C:\Users\Owner\AppData\Roaming\Hurupei\amnor.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 1111580089.job => C:\Users\Owner\AppData\Roaming\Xoehto\mihegaf.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 1116726850.job => C:\Users\Owner\AppData\Roaming\Ymhaca\woovepu.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 1276178792.job => C:\Users\Quentin 3\AppData\Roaming\Irabag\odozi.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 1363418141.job => C:\Users\Quentin 2\AppData\Roaming\Toxyca\usdia.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 1371265576.job => C:\Users\TeeSupport\AppData\Roaming\Ottyuhr\odxiigt.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 1392327789.job => C:\Users\Quentin 3\AppData\Roaming\Tegafafy\syiry.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 1408155373.job => C:\Users\TeeSupport\AppData\Roaming\Izduaniv\yzcoca.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 1431051120.job => C:\Users\Owner\AppData\Roaming\Myuzza\worah.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 1435531148.job => C:\Users\TeeSupport\AppData\Roaming\Erofwyoc\akqupec.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 1551334121.job => C:\Users\Quentin 3\AppData\Roaming\Otycinbo\umowuq.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 1823406108.job => C:\Users\Quentin 3\AppData\Roaming\Agekhu\itzuy.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 1978031584.job => C:\Users\TeeSupport\AppData\Roaming\Foleaxop\fyylr.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 2003871214.job => C:\Users\Owner\AppData\Roaming\Viogbe\urubaxd.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 2092415349.job => C:\Users\Quentin 2\AppData\Roaming\Ovorsow\cibead.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 2173672188.job => C:\Users\Quentin 2\AppData\Roaming\Inkonaxy\ywtyer.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 2192498991.job => C:\Users\Quentin 2\AppData\Roaming\Espaku\arubwi.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 22934426.job => C:\Users\Quentin 2\AppData\Roaming\Kuoqdueb\yhcub.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 2379301644.job => C:\Users\Quentin 2\AppData\Roaming\Amatim\qysyc.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 2401480587.job => C:\Users\Quentin 3\AppData\Roaming\Urwaitk\wayge.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 242100489.job => C:\Users\TeeSupport\AppData\Roaming\Ifzaaq\ufcao.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 2538863618.job => C:\Users\Owner\AppData\Roaming\Dosaxuuq\caevo.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 2702152337.job => C:\Users\Owner\AppData\Roaming\Ilohyh\gyqafiu.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 273463002.job => C:\Users\Quentin 3\AppData\Roaming\Hyypogpa\xeqoqaz.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 2760858941.job => C:\Users\Owner\AppData\Roaming\Abepfom\elymat.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 2793877117.job => C:\Users\Quentin 2\AppData\Roaming\Ladyqi\weequwt.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 301616179.job => C:\Users\Owner\AppData\Roaming\Obnodofu\byatala.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 3077791864.job => C:\Users\Quentin 2\AppData\Roaming\Geguupqe\ywpode.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 317955923.job => C:\Users\Quentin 3\AppData\Roaming\Yvgytiyv\mecuiq.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 3180805863.job => C:\Users\Quentin 2\AppData\Roaming\Buohdoe\yxudp.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 3252293967.job => C:\Users\Owner\AppData\Roaming\Elmiurov\ihuttul.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 3272480754.job => C:\Users\Quentin 3\AppData\Roaming\Ydbouti\miows.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 3462081622.job => C:\Users\TeeSupport\AppData\Roaming\Owsype\uperyde.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 3528719669.job => C:\Users\TeeSupport\AppData\Roaming\Iwrura\zoilhu.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 3543847863.job => C:\Users\Owner\AppData\Roaming\Gelyer\elaxpa.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 3544098129.job => C:\Users\Owner\AppData\Roaming\Nyvielyn\zewoo.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 3734159299.job => C:\Users\TeeSupport\AppData\Roaming\Soypeku\uksyuz.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 3757644616.job => C:\Users\Owner\AppData\Roaming\Ufufqula\tauge.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 3796625987.job => C:\Users\Owner\AppData\Roaming\Efkuylri\okwaec.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 3997903547.job => C:\Users\Quentin 3\AppData\Roaming\Nixivum\cywaygw.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 4003898796.job => C:\Users\Quentin 2\AppData\Roaming\Loxumoas\eqhyen.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 404366012.job => C:\Users\Owner\AppData\Roaming\Wixowilu\amteug.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 4072912339.job => C:\Users\Quentin 3\AppData\Roaming\Wusuafo\alsey.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 4131731185.job => C:\Users\TeeSupport\AppData\Roaming\Icteuly\xeizr.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 4154267427.job => C:\Users\Quentin 2\AppData\Roaming\Ihvutyid\ygygi.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 446078145.job => C:\Users\Quentin 3\AppData\Roaming\Miifhic\xexuw.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 551776949.job => C:\Users\TeeSupport\AppData\Roaming\Akitevti\ryaqo.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 62774847.job => C:\Users\Quentin 3\AppData\Roaming\Abirubob\ihwipi.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 708602951.job => C:\Users\TeeSupport\AppData\Roaming\Umizpo\qyage.exe <==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 709194078.job => C:\Users\TeeSupport\AppData\Roaming\Ipehyg\ermafyy.exe <==== ATTENTION
Task: C:\windows\Tasks\SK.Enabler-S-1495795506.job => c:\programdata\quickset\sk.enabler\SK.Enabler.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-30 09:45 - 2014-06-30 09:45 - 00047360 ___SH () C:\Users\TeeSupport\porluibacpap.exe
2014-05-31 19:08 - 2014-05-31 19:08 - 00141312 _____ () C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\psvchost.exe
2012-08-15 16:52 - 2012-12-11 23:27 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2010-02-05 20:44 - 2010-02-05 20:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-06-30 18:20 - 2014-06-30 18:20 - 00047360 ___SH () C:\Users\Owner\porluibacpap.exe
2014-04-24 10:42 - 2014-06-09 03:57 - 00065704 _____ () C:\Program Files (x86)\iSafe\zlib1.dll
2014-04-24 10:42 - 2014-06-09 03:55 - 00092328 _____ () C:\Program Files (x86)\iSafe\curlpp.dll
2014-01-02 22:14 - 2014-04-21 04:22 - 00176976 _____ () C:\Program Files (x86)\iSafe\tws\unrar.dll
2014-01-02 22:14 - 2014-04-21 04:22 - 00068432 _____ () C:\Program Files (x86)\iSafe\tws\zlib1.dll
2014-01-02 22:14 - 2014-04-21 04:22 - 00087744 _____ () C:\Program Files (x86)\iSafe\tws\unacev2.dll
2014-01-02 22:14 - 2014-06-09 03:57 - 00182272 _____ () C:\Program Files (x86)\iSafe\libpng.dll
2011-12-10 12:52 - 2011-12-10 12:45 - 02557952 _____ () C:\Program Files (x86)\Webroot\Security\Current\framework\frameworkresources.dll
2014-08-11 16:01 - 2014-03-15 08:34 - 03323904 _____ () C:\Users\TeeSupport\AppData\Local\Temp\temp7D8462B2-296E\mozjs.dll
2011-10-15 16:40 - 2011-10-19 12:22 - 00539744 _____ () C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\ziptv06.dll
2011-10-15 16:40 - 2011-10-19 12:22 - 00419192 _____ () C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\LockBox.dll
2011-10-15 16:40 - 2011-10-29 00:04 - 01219256 _____ () C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\antimalware.dll
2011-10-15 16:26 - 2011-12-10 12:52 - 00057344 _____ () C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\antimalwareresources.dll
2014-08-12 17:17 - 2014-08-12 17:17 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_h4fsn.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
2011-01-17 17:19 - 2011-12-14 23:19 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-06-01 13:14 - 2014-03-15 08:34 - 03323904 _____ () C:\Users\Owner\AppData\Local\Temp\temp7D8462B2-296E\mozjs.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/12/2014 07:34:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/12/2014 07:34:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/12/2014 05:14:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: psvchost.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80000001
Fault offset: 0x01e91892
Faulting process id: 0x1b84
Faulting application start time: 0xpsvchost.exe0
Faulting application path: psvchost.exe1
Faulting module path: psvchost.exe2
Report Id: psvchost.exe3
 
Error: (08/12/2014 05:03:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/12/2014 05:03:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/12/2014 05:01:59 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (08/11/2014 07:16:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/11/2014 07:16:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/11/2014 07:11:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/11/2014 07:06:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xbb0
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
 
System errors:
=============
Error: (08/12/2014 07:34:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (08/12/2014 07:34:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (08/12/2014 07:34:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (08/12/2014 07:34:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (08/12/2014 07:29:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SecurityCenterServer709194078 service.
 
Error: (08/12/2014 07:27:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
 
Error: (08/12/2014 06:06:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%1053
 
Error: (08/12/2014 06:06:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (08/12/2014 06:03:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SecurityCenterServer709194078 service.
 
Error: (08/12/2014 05:36:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
 
Microsoft Office Sessions:
=========================
Error: (08/12/2014 07:34:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (08/12/2014 07:34:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (08/12/2014 05:14:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: psvchost.exe0.0.0.02a425e19unknown0.0.0.0000000008000000101e918921b8401cfb6725da1f320C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\psvchost.exeunknownaa05f8c6-2265-11e4-8395-00266ccbcee9
 
Error: (08/12/2014 05:03:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (08/12/2014 05:03:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (08/12/2014 05:01:59 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (08/11/2014 07:16:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (08/11/2014 07:16:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (08/11/2014 07:11:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/11/2014 07:06:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8abb001cfb5b8a82d9312C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe19e05104-21ac-11e4-8395-00266ccbcee9
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-12 19:37:04.270
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-12 19:37:03.967
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 65%
Total physical RAM: 2662.87 MB
Available physical RAM: 924.5 MB
Total Pagefile: 5323.92 MB
Available Pagefile: 1971.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (TI106147W0C) (Fixed) (Total:285.29 GB) (Free:198.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 2B538AD9)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=17)
 
==================== End Of Log ============================

 



#6 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:09:25 AM

Posted 13 August 2014 - 12:42 PM

Hi quentin109.

My name is Sirawit and I will continue to help you from this point.

Please note that I'm currently in training and my fixes need to be checked for approval first; that may delay our fix a bit, but I will normally reply back in 24 hours.

If I don't reply after 2 days, feel free to PM me.   :)

I'm currently reviewing the logs now, and I will reply to you as fast as possible.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#7 quentin109


Posted 13 August 2014 - 12:51 PM

Ok, Thank You.



#8 Sirawit


Posted 14 August 2014 - 08:15 AM

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
 
Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
 
 
Now we need to run Combofix.
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.
 
Thank you.




#9 quentin109


Posted 14 August 2014 - 10:34 AM

For some reason ComboFix won't produce a log after I disabled all my antivirus programs and closed all windows, and keeps giving me an error that says:

Error opening file for writing:

C:\32788R22FWJFW\pev.3XE

Click Abort to stop the installation,
Retry to try again, or
Ignore to skip this file.

What should I do?

Also I kinda want to format and reinstall the OS but I do not have the Windows 7 disk. Is there a way to do it without the disk that you can guide me through? I however have my Windows 7 25-digit product key that I found under a sticker underneath my laptop, so that shouldn't be a problem.
 
Thanks for your help and please continue to do so because as you have said my laptop is seriously infected so I do need your help.



#10 Sirawit


Posted 14 August 2014 - 10:38 AM

Hi quentin109.

Thanks for your help and please continue to do so because as you have said my laptop is seriously infected so I do need your help.

"Continue" to guide you through fixing or reinstalling?
 
Thank you.

Edited by Sirawit, 14 August 2014 - 10:38 AM.



#11 quentin109


Posted 14 August 2014 - 10:48 AM

If there is a way to reinstall the OS without the Windows 7 boot disk, guide me through that process, but if I can't reinstall the OS without the CD, continue guiding me through the fixing process.

Thank You

#12 Sirawit


Posted 16 August 2014 - 07:52 AM

Hi quentin109, and sorry for some delay.

 

The serial number you found on your computer is most likely an OEM key, which means this Windows license is fixed to this machine only.

Normally, these machines have a recovery mode that can be used to revert your computer to factory state. To ensure that this process will finish successfully, we need to do some fixing first.

Please download a fresh copy of Combofix, but rename it to svchost.exe before downloading the file. Then disable your protection software and try running the new CF again.

 

Thank you.




#13 quentin109


Posted 17 August 2014 - 11:05 AM

Still having problems. Neither ComboFix nor svchost.exe will produce logs for me; they will either freeze up or crash my computer. I even uninstalled my antivirus programs and tried using these programs in Safe Mode but nothing is working. Please help  :(



#14 Sirawit


Posted 19 August 2014 - 07:56 AM

Hi quentin109.

 

Please try this:

 

Press Windows Button + R, the "Run" dialog box will appear, then type in combofix.exe /killall and click OK.

 

Did combofix finish its job this time?

 

Thank you.




#15 quentin109


Posted 19 August 2014 - 06:34 PM

No, ComboFix still won't produce a log for me. :(



